Conversation

Defenders do be putting too much stock in their endpoint defense products. https://www.theregister.com/2025/08/14/edr_killers_ransomware/

@mttaggart "Bring your own VD" always makes me giggle because I'm 12.

@mttaggart As much as I like to bash endpoint security, the title is a gross oversimplification of the problem: EDR is very much in the way while you 1. gain initial access, 2. elevate your privileges, 3. load a malicious kernel driver. And even after this you've pwned one machine, and EDR is active on most lateral movement targets (I'd also be very interested in how "abuse this [local] kernel-level access to move laterally within the network" could be implemented in practice...).

@buherator It's a headline; of course it's oversimplified. Please read the story, which is about the increased use of effective EDR killers, which is a legitimate problem.

The story contains plenty of qualifications and caveats that support what you're saying.

@mttaggart I've read the story, but many visitors don't. Of course, if you've ever had to bypass an EDR you'll get the gist, but if you are an average reader (this is The Register, not some hacker zine) these falsehoods added by the journalist will mislead you.

@buherator I hear you. I feel like your point is "It's still hard to bypass EDR," which I agree with. But the story's point is "This is happening anyway," so I think there's something to consider here.

@mttaggart The story's title says that "[attackers] don't care about your endpoint security", which is simply not true (a lie, if you like). Stating (not suggesting) that EDR will not be effective on other hosts when disabled on the pivot point is also a lie.

I absolutely agree with *your* comment, but this is just bad journalism transforming expert opinion into clickbait bullshit.