CEH - System Hacking - Executing Applications
Advanced
1/15
During a penetration test on a client's network, you encounter a system with a strict security policy that monitors process creation and has enhanced security features. You need to execute your password dumping tool but standard execution is failing due to Endpoint Detection and Response (EDR) software. Which technique would most likely succeed in running your tool while evading detection?
a. Execute the tool using PowerShell's Invoke-Expression command with the -ExecutionPolicy Bypass parameter
b. Create a scheduled task that executes the tool during low monitoring periods when the EDR solution performs routine maintenance
c. Use reflective DLL injection to load the tool into memory from an existing trusted process
d. Rename the tool's executable to match a legitimate Windows system binary and place it in System32 folder