research poc
Red Team Evasion of Cortex XDR via COM Profiler Injection and AMSI BypassCortex XDR COM Profiler AMSI Bypass
A red team engagement demonstrated a multi-stage evasion chain against Cortex XDR, bypassing PowerShell execution policies, injecting a malicious .NET profiler via COM hooks, and disabling AMSI in memory without admin privileges. The attack went undetected by default Cortex XDR analytics, prompting a forensic report to the vendor and subsequent patching.