Bypassing Cylance: Part 2 – Using DNSCat2
Summary
This article is the second part of a series detailing how to bypass Cylance's endpoint protection using DNSCat2 for command and control (C2) communication. It focuses on specific techniques to achieve C2 in a Cylance-protected environment.
IFF Assessment
FOE
This article details methods for bypassing endpoint security software, so its content works against defenders rather than for them.
Defender Context
This article highlights a method for establishing command and control (C2) communication by bypassing endpoint detection and response (EDR) solutions like Cylance. Defenders should be aware of techniques that leverage legitimate protocols like DNS for covert C2, as these can be challenging to detect and block.