Elastic EDR detections were bypassed by changing PE magic bytes and extensions (transfer as .png, execute as .scr) and executing from an excluded path (C:\ProgramData\Microsoft\Search), yielding a Cobalt Strike Beacon. #elastic_edr #cobalt_strike #lateral_movement https://bit.ly/4awRJ15
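An added detection-side example (not from the post or its linked write-up): a Python triage check for the file traits the post describes. It assumes "changing PE magic bytes" means the leading `MZ` was overwritten while the rest of the PE layout stayed intact; the function names, finding labels and sample bytes are constructed for illustration.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Directory the post names as excluded from EDR scanning (lower-cased for comparison).
EXCLUDED_DIR = r"c:\programdata\microsoft\search"
EXEC_EXTS = ("exe", "dll", "sys", "scr")

def has_pe_layout(data):
    """True if e_lfanew (offset 0x3C) points at 'PE\\0\\0', whatever the first two bytes are."""
    if len(data) < 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def triage(path, data):
    """Return finding labels for one file, given its path and leading bytes."""
    findings = []
    p = path.lower().replace("/", "\\")
    name = p.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    pe = has_pe_layout(data)
    if ext == "png" and not data.startswith(PNG_SIG):
        findings.append("png-extension-without-png-signature")
    if pe and not data.startswith(b"MZ"):
        findings.append("pe-layout-with-altered-magic")
    if pe and ext not in EXEC_EXTS:
        findings.append("pe-content-under-non-executable-extension")
    if ext == "scr" and p.startswith(EXCLUDED_DIR + "\\"):
        findings.append("scr-in-edr-excluded-path")
    return findings

def fake_pe(magic):
    """Constructed sample: empty 64-byte DOS header plus a PE signature, no code."""
    hdr = bytearray(0x40)
    hdr[0:2] = magic
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> right after the header
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20

if __name__ == "__main__":
    samples = [  # constructed paths and contents
        (r"C:\Users\a\Downloads\logo.png", fake_pe(b"XX")),
        (r"C:\ProgramData\Microsoft\Search\logo.scr", fake_pe(b"MZ")),
        (r"C:\pics\real.png", PNG_SIG + b"\0" * 100),
    ]
    for path, data in samples:
        print(path, triage(path, data))
```

The last finding only has value if the telemetry source feeding it (for example file-creation or process-start logging) still covers paths that the EDR's scanning exclusions skip.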