The Cyber Threat Perspective (Replay) How We Evade Detection During Internal Pentests
Jun 27, 2025
Dive into the world of evasion tactics in internal penetration testing. Discover why evasion is crucial as defenders grow stronger. Learn how attackers cleverly use trusted tools and modify binaries to evade detection. Find out why low-tech changes like renaming can still be effective, and explore the benefits of building custom tools instead of tweaking existing ones. Get insights on lateral movement techniques, including the subtle use of PowerShell, and essential defensive strategies to enhance detection.
AI Snips
Chapters
Transcript
Episode notes
Evasion Is Nuanced And Underserved
- Evasion is a nuanced, control-focused topic that defenders rarely discuss publicly.
- Understanding evasion helps buyers, pen testers, and defenders have smarter conversations about detection gaps.
Raise The Bar For Internal Detection
- Expect defenders to raise the bar — attackers must avoid detection to succeed.
- Test and improve detection on internal assets because threat actors must stay undetected to reach their goals.
Watch Trusted Tools On Unusual Hosts
- Monitor for trusted tools and LOLBins running on atypical hosts like workstations.
- Flag execution of admin utilities on non-admin machines and investigate immediately.