r/netsec 2d ago

Countering EDRs With The Backing Of Protected Process Light (PPL)

https://www.zerosalarium.com/2025/08/countering-edrs-with-backing-of-ppl-protection.html
26 Upvotes

1

u/cobolfoo 1d ago

It's an interesting approach. I guess you still need to have admin rights to create a service that runs before Defender?

1

u/Cold-Dinosaur 1d ago

Yep! Otherwise, it would become a privilege escalation exploit.