Endpoint Security Bypass

Denylists (hash or byte-signature blocklists) don't work - any change to the payload's bytes defeats them, so they are too easy to bypass

Methodology

  1. create payload exe (the version the denylist currently catches)
  2. disassemble it
  3. swap in an equivalent instruction: e.g. replace mov X, 0 with xor X, X (a register XORed with itself is always 0, so behaviour is unchanged but the byte pattern, and therefore the hash/signature, is not)
  4. reassemble
  5. bypass! The denylist entry no longer matches the new bytes, and the payload still does exactly the same thing
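The five steps above, worked through as an added example (illustration code written for these notes, not a tool from the original page). The "payload" is a constructed x86-32 byte string, the denylist is a constructed byte-signature entry, and the decoder/encoder only handle the handful of instructions needed here (mov r32,imm32; xor r32,r32; nop; ret). It shows that substituting xor X,X for mov X,0 (padded with nops so offsets are preserved) changes the bytes and the hash, removes the signature match, and leaves the register state identical.

```python
"""Added example for these notes: equivalent-instruction substitution against a
byte-signature denylist.  Everything here (payload bytes, denylist entry, the
x86 subset handled) is constructed for illustration."""
import hashlib

# Register order matches the x86 encoding (used by both mov r32,imm32 and xor r32,r32).
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Constructed "payload" (x86-32):  mov eax,0 ; mov ecx,0 ; ret
PAYLOAD = bytes.fromhex("B800000000" "B900000000" "C3")

# Constructed denylist: one "signature" = the exact bytes of  mov eax,0 ; mov ecx,0
DENYLIST = {
    "Constructed.Sig.ZeroInit": bytes.fromhex("B800000000B900000000"),
}


def disassemble(code):
    """Decode the tiny x86-32 subset used here into (mnemonic, operands...) tuples."""
    insns, i = [], 0
    while i < len(code):
        op = code[i]
        if 0xB8 <= op <= 0xBF:                       # B8+r id : mov r32, imm32
            imm = int.from_bytes(code[i + 1:i + 5], "little")
            insns.append(("mov", REGS[op - 0xB8], imm))
            i += 5
        elif op == 0x31:                             # 31 /r : xor r/m32, r32
            modrm = code[i + 1]
            if modrm >> 6 != 3:
                raise ValueError("only register-direct xor is supported here")
            insns.append(("xor", REGS[modrm & 7], REGS[(modrm >> 3) & 7]))  # (dst=rm, src=reg)
            i += 2
        elif op == 0x90:                             # nop
            insns.append(("nop",))
            i += 1
        elif op == 0xC3:                             # ret
            insns.append(("ret",))
            i += 1
        else:
            raise ValueError(f"unsupported opcode {op:#x} at offset {i}")
    return insns


def assemble(insns):
    """Encode the same subset back to bytes."""
    out = bytearray()
    for ins in insns:
        if ins[0] == "mov":
            out += bytes([0xB8 + REGS.index(ins[1])]) + ins[2].to_bytes(4, "little")
        elif ins[0] == "xor":
            out += bytes([0x31, 0xC0 | (REGS.index(ins[2]) << 3) | REGS.index(ins[1])])
        elif ins[0] == "nop":
            out.append(0x90)
        elif ins[0] == "ret":
            out.append(0xC3)
    return bytes(out)


def substitute_zeroing(insns):
    """Step 3: mov X,0 (5 bytes) -> xor X,X (2 bytes) + 3 nops, so code size and offsets survive."""
    new = []
    for ins in insns:
        if ins[0] == "mov" and ins[2] == 0:
            new += [("xor", ins[1], ins[1]), ("nop",), ("nop",), ("nop",)]
        else:
            new.append(ins)
    return new


def execute(insns):
    """Minimal emulator: enough to confirm both variants leave the registers identical."""
    regs = {r: 0xDEADBEEF for r in REGS}             # start non-zero so zeroing is observable
    for ins in insns:
        if ins[0] == "mov":
            regs[ins[1]] = ins[2]
        elif ins[0] == "xor":
            regs[ins[1]] ^= regs[ins[2]]
        elif ins[0] == "ret":
            break
    return regs


def denylist_hits(code):
    """The denylist check: a plain byte-pattern search, as a naive signature engine would do."""
    return [name for name, sig in DENYLIST.items() if sig in code]


def demo():
    """Run steps 1-5 and report what the denylist sees before and after the rewrite."""
    original = disassemble(PAYLOAD)                  # step 2
    rewritten = assemble(substitute_zeroing(original))  # steps 3-4
    return {
        "original_hits": denylist_hits(PAYLOAD),
        "rewritten_hits": denylist_hits(rewritten),  # step 5: expected to be empty
        "same_length": len(PAYLOAD) == len(rewritten),
        "same_registers": execute(original) == execute(disassemble(rewritten)),
        "sha256_differs": hashlib.sha256(PAYLOAD).digest() != hashlib.sha256(rewritten).digest(),
        "rewritten_hex": rewritten.hex(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The nop padding is what keeps the rewrite safe: a 5-byte mov replaced by a 2-byte xor without padding would shift every later offset and break relative jumps and data references in a real binary. A real payload also needs relocations, imports and the PE checksum handled by the reassembler, which is why step 4 is normally done with a proper assembler or a binary-patching tool rather than by hand.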

Tools

Whitelisting - AppLocker

Password Controls

Network Security Monitoring / Egress Traffic Analysis