Bypassing Cylance: Part 1 – Using VSAgent.exe
ATT&CK techniques detected
T1071Application Layer Protocol
38%
"a well - formed html page to communicate commands and their results between the c2 server and client. the viewstate parameter is commonly used in asp. net web applications to maintain state between the client and the server. because this field is so commonly observed and is base6…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
David Fletcher // Recently, we had the opportunity to test a production Cylance environment. Obviously, each environment is going to be different and the efficacy of security controls relies largely […]
The post Bypassing Cylance: Part 1 – Using VSAgent.exe appeared first on Black Hills Information Security, Inc..