Bypassing Cylance ThreatProtect/Optics by exploiting elevated access to ignore DLL hooking then dumping credentials without creating any alerts. Demonstrated this dirty trick at Nullcon back in 2020.
Go back to Adversary Tactics