Running programs via Proxy & jumping on a EDR-bypass trampoline, Part 4

Here’s yet another subclass of tricks one can use to distort the process tree seen by EDR and sandbox solutions. Many Windows programs launch other internal Windows programs (native to […]

Article Link: http://www.hexacorn.com/blog/2017/10/29/running-programs-via-proxy-jumping-on-a-edr-bypass-trampoline-part-4/