EDR vendors really hate providing demo/trial copies of their software to offensive teams. They might consider changing this practice, mandating cloud-only consoles and paying really good attention to the telemetry for free research and gap coverage.
It essentially happens anyways in client environments and they probably lose a lot of great data in all the normal pentest noise.
I appreciate the complexities in the endpoint detection software ecosystem, not unlike those found in the offensive tooling community. The current state is quite imperfect. I saw some really disappointing & damaging behavior when free EDR trials were offered at my $lastjob. 1/2
Mostly from unauthorized threat actors, but a few pen testing teams were really disappointing. I’m happy to not be making EDR detection & visibility decisions anymore! How do you feel about MS’ approach navigating these complexities? Lots of different versions & transparent IMO
Hey, I said EDR. The AV side is easy, sir.