DFIR vs EDR vs Malware Analysis vs Cyber Crime vs Legally Admissible Digital Forensics vs Law Enforcement. (Don't get it twisted.)
Cyber security can become very convoluted because these disciplines look similar, but the nuances make a big difference. A lot of people talk about the terms above as if they all share the same use case. I am going to detail the differences between these use cases, even though the technical skills required are at the same level.
Bypass / Evade AV/EDR / Remoting
Questions to ask AV/EDR vendors
Use these questions not only to evaluate vendors against each other but also to negotiate a discount on their offerings.
- Has your NextGen AV / EDR ever been bypassed?
- What are some examples, and how were they addressed?
- Has your agent caused any endpoint performance degradation or outages?
- Have you had any outages or latency issues with your SaaS-based platform?
- Has your agent caused any production outages for any of your customers?
Red Team Tools
- Nuclei Templates
- Identifies an attempt to coerce a local NTLM authentication via HTTP using the Print Spooler service as a target. An adversary may use this primitive in combination with other techniques to elevate privileges on a compromised system.
- The Curious Case Of Mavinject.Exe
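The Print Spooler coercion item above is a detection description, not a tool, so here is an added example of what the matching detection logic looks like when run over process-start events. This is example code written for this page, not the page's own code and not any vendor's rule. It assumes (the page does not say this) that the primitive shows up as rundll32.exe loading the WebDAV client entry point davclnt.dll,DavSetCookie with an http(s) URL that points at a named pipe such as /print/pipe/spoolss; the event records, hostnames and users are constructed for the example. It generalizes slightly beyond the text by recording whichever named pipe is targeted rather than only spoolss.

```python
"""Flag rundll32 + WebDAV-client launches that point an HTTP URL at a named pipe.

Added example for this page, not the page's or any vendor's code. The
command-line shape it keys on (rundll32.exe, davclnt.dll,DavSetCookie, an
http(s) URL containing /pipe/) is an assumption about how the coercion
primitive appears in process-creation telemetry. All events are constructed.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessStart:
    host: str
    user: str
    image: str     # full path of the started executable
    cmdline: str   # full command line as logged


# Constructed sample events. The first two mimic the coercion primitive
# (URL pointing at the spoolss named pipe); the rest are benign rundll32 or
# non-rundll32 activity that must not fire.
SAMPLE_EVENTS = [
    ProcessStart("ws01", r"CORP\jdoe",
                 r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\davclnt.dll,DavSetCookie "
                 r"localhost http://localhost/print/pipe/spoolss"),
    ProcessStart("ws02", r"CORP\svc-build",
                 r"C:\Windows\SysWOW64\rundll32.exe",
                 r'"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\davclnt.dll,DavSetCookie '
                 r"127.0.0.1 http://127.0.0.1:8080/pipe/spoolss"),
    ProcessStart("ws03", r"CORP\jdoe",
                 r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    ProcessStart("ws04", r"CORP\jdoe",
                 r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\davclnt.dll,DavSetCookie "
                 r"fileshare.corp.local https://fileshare.corp.local/DavWWWRoot/docs"),
    ProcessStart("ws05", r"CORP\jdoe",
                 r"C:\Program Files\App\app.exe",
                 r"app.exe --url http://localhost/print/pipe/spoolss"),
]

# The WebDAV mini-redirector client entry point (assumed indicator, see lead-in).
WEBDAV_CLIENT = re.compile(r"davclnt\.dll\s*,\s*DavSetCookie", re.IGNORECASE)
# An http(s) URL whose path goes through a named pipe, e.g. .../print/pipe/spoolss
PIPE_URL = re.compile(r"https?://[^\s\"']*/pipe/[^\s\"']*", re.IGNORECASE)


def is_local_ntlm_coercion(event: ProcessStart) -> bool:
    """True when all three indicators line up on one process start."""
    if not event.image.lower().endswith("\\rundll32.exe"):
        return False
    if not WEBDAV_CLIENT.search(event.cmdline):
        return False
    return PIPE_URL.search(event.cmdline) is not None


def target_pipe(event: ProcessStart):
    """Name of the pipe the URL points at (e.g. 'spoolss'), or None."""
    m = PIPE_URL.search(event.cmdline)
    if not m:
        return None
    return m.group(0).rstrip("/").rsplit("/", 1)[-1]


def detect(events):
    """Run the rule over a batch of events and return one alert per hit."""
    alerts = []
    for ev in events:
        if is_local_ntlm_coercion(ev):
            alerts.append({
                "host": ev.host,
                "user": ev.user,
                "pipe": target_pipe(ev),
                "rule": "Potential local NTLM coercion via HTTP (named pipe target)",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The three checks are deliberately ANDed: rundll32 alone and davclnt.dll,DavSetCookie alone are both common on workstations (event ws04 is an ordinary WebDAV share mount), and a pipe URL launched by some other binary (ws05) is outside what the description covers. Only the combination is reported, which keeps the rule quiet without losing the spoolss case.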