A new BYOI technique lets attackers bypass SentinelOne EDR, disable protection, and deploy Babuk ransomware by exploiting the agent upgrade process. Aon’s Stroz Friedberg discovered a new “Bring Your Own Installer” (BYOI) EDR bypass technique that exploits a flaw in SentinelOne’s upgrade process to bypass its anti-tamper protections, leaving endpoints unprotected. Stroz Friedberg researchers did […]
This article has been indexed from Security Affairs