## TL;DR

This blog post describes a generic technique that I called “Divide and Conquer” internally during our red team assessment. It can be used to bypass behaviour-based NextGen AV detection. It works by splitting the malicious actions and API calls into distinct processes, so that no single process exhibits the full sequence of behaviour the AV scores on.

## Intro

Back in 2019 I was part of a red team, where our daily activity was to bypass a specific NextGen AV.
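To make concrete why splitting actions across processes defeats a per-process behavioural score, and what a detector has to do instead, here is an added toy example. It is my own illustration, not code from the original post or from any AV product: the event schema, the three-step "suspicious chain", and the idea that the AV keys its score on the pid are all assumptions made for the demonstration.

```python
"""Toy model of the "Divide and Conquer" evasion and of a process-tree-aware
detector that rejoins the split steps.

Added example, not from the original post. The telemetry schema, the
behaviour chain and both detectors are assumptions for illustration.
"""
from collections import defaultdict

# Assumed ordered chain of behaviours that a per-process detector scores
# as one malicious pattern when they all come from the same pid.
CHAIN = ("open_remote_process", "write_remote_memory", "create_remote_thread")

# Constructed telemetry: (pid, ppid, action).
# Run 1: a single process performs every step itself.
SINGLE_PROCESS = [
    (100, 1, "open_remote_process"),
    (100, 1, "write_remote_memory"),
    (100, 1, "create_remote_thread"),
]
# Run 2 ("Divide and Conquer"): a parent spawns one child per step, so no
# single pid ever shows more than one step of the chain.
DIVIDED = [
    (200, 1, "spawn"),
    (201, 200, "open_remote_process"),
    (202, 200, "write_remote_memory"),
    (203, 200, "create_remote_thread"),
]


def _sequence_present(actions):
    """True if every step of CHAIN appears, in order (gaps allowed)."""
    i = 0
    for action in actions:
        if i < len(CHAIN) and action == CHAIN[i]:
            i += 1
    return i == len(CHAIN)


def per_process_hits(events):
    """Naive detector: keys the behaviour chain on pid alone."""
    by_pid = defaultdict(list)
    for pid, _ppid, action in events:
        by_pid[pid].append(action)
    return sorted(pid for pid, acts in by_pid.items() if _sequence_present(acts))


def per_tree_hits(events):
    """Tree-aware detector: follows ppid links to the top-most ancestor
    present in the telemetry and keys the chain on that root, so steps
    spread over children are evaluated as one behaviour."""
    parent = {pid: ppid for pid, ppid, _ in events}

    def root(pid):
        hops = 0
        # Climb while the parent is itself a process we have seen; the hop
        # cap guards against malformed telemetry with ppid cycles.
        while parent.get(pid) in parent and hops < 64:
            pid = parent[pid]
            hops += 1
        return pid

    by_root = defaultdict(list)
    for pid, _ppid, action in events:  # events are assumed time-ordered
        by_root[root(pid)].append(action)
    return sorted(r for r, acts in by_root.items() if _sequence_present(acts))


if __name__ == "__main__":
    for name, run in (("single process", SINGLE_PROCESS), ("divided", DIVIDED)):
        print(f"{name:15s} per-pid hits: {per_process_hits(run)}  "
              f"per-tree hits: {per_tree_hits(run)}")
```

The per-pid detector flags the single-process run and misses the divided run; the tree-aware one flags both, with the parent pid as the root of the pattern. The caveat for defenders is that this only works as long as the parent link in the telemetry is trustworthy and the children are actually descendants of one ancestor; actors can break that link (for example by launching each stage through an unrelated intermediary), so correlation by user session, time window or shared target process is usually needed as well.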