Challenge Solutions
Spoiler Warning: These solutions explain exactly how to bypass each detection rule. Try the challenges first!
Category 1: Process Name Evasion
Category 2: Command Line Obfuscation
- 05 - Path Manipulation
- 06 - Caret Insertion
- 07 - Environment Variable Substitution
- 08 - Base64 Encoded Commands
- 09 - The Useless Rule
Category 3: Process Monitoring Bypass
- 10 - Timing Attack
- 11 - Pre-Existing Process
- 12 - Living Off The Land
- 13 - LSASS Without Keywords
- 14 - Tool Rename for LSASS
Category 4: Execution Evasion
- 15 - Alternative PowerShell Host
- 16 - Elevated Process Evasion
- 17 - 32-Bit Process Evasion
- 18 - Unicode Process Names
MostShittyEDR