Cisco AMP - Bypassing Self-Protection

Sometimes when you are in the middle of an engagement, you will come across a hurdle which requires a quick bit of research, coding, and a little bit of luck. This was the case with a recent engagement in which we came across Cisco AMP, an endpoint protection technology which provides analysis of processes, provides spawn chains, and exposes a bunch of the other goodies you have come to expect from EDR products, including our old friend… self-protection. We’ve explored self-protection t...