Bypassing Cylance: Part 1 – Using VSAgent.exe

Summary

This article details a method for bypassing Cylance, an endpoint security solution, by abusing its own legitimate VSAgent.exe process. It describes how this trusted, vendor-signed tool can be leveraged for potentially malicious purposes, implying a security weakness in the targeted Cylance environment.

IFF Assessment

FOE

The article describes a technique that can be used to bypass security controls, which is detrimental to defenders.

Defender Context

This article highlights a potential blind spot for defenders using Cylance, as attackers can leverage legitimate system tools like VSAgent.exe to evade detection. Security teams should be aware of such techniques and consider implementing additional layers of monitoring and detection that go beyond traditional signature-based or heuristic analysis.