The Dark Side of EDR: Repurpose EDR as an Offensive Tool

https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/?s=09

@buherator That research was from 19 April 2024 and Palo Alto Networks responded on 24 April: https://security.paloaltonetworks.com/PAN-SA-2024-0005
Palo Alto Networks is aware of SafeBreach research "The Dark Side of EDR" describing a specifically crafted proof of concept (PoC) that bypasses Cortex XDR agent endpoint protection modules. Practical attack scenarios require administrative privileges to perform this bypass. PAN doesn't consider this a vulnerability and states it is not aware of any malicious exploitation of this issue.
