Windows AMSI Bypass — The turning point for an Endpoint Analytics eval

Alex Teixeira
Published in Detect FYI
7 min read · Jul 14, 2023


This is a short article highlighting the benefits of rich log telemetry when coupled with advanced Endpoint Analytics content.

The exercise presented here is based on an out-of-band “Attack Lab” built by one of my colleagues in a project focused on the Detection Validation process.

Research/Lab Time = Better…


I design and build threat detection and triage/hunting SIEM/EDR/XDR content for Enterprise #SecOps teams #DetectionEngineering http://opstune.com