Defeating EDRs with Office Products



Removing an EDR's hooks from a process is not a foreign concept these days; it has become a common technique adversaries use to stay undetected while circumventing anti-malware controls. Defenders have tried to counter these attacks but ultimately fall short, because most of their effort goes into ensuring that malicious executables can't run on endpoints at all (typically through application whitelisting or other access control lists). This technique, combined with intensive logging, is often deployed to d…
