By the Persistent Security Research Team - May 2026 Process Injection - MITRE ATT&CK T1055.002 Last time, we loaded mimikatz entirely from memory without Defender noticing. This time, we take the next step: cross-process injection into one of Windows' most sensitive processes to check if AV or EDRs will catch this! We inject a .NET CLR runtime into winlogon.exe, read stored credentials from registry, and exfiltrate them over DNS - all without triggering a single Defender aler

By the Persistent Security Research Team - April 2026 Portable Executable Injection - MITRE ATT&CK T1055.002 When Defender sees mimikatz, it kills it. On disk, in a ZIP being extracted, in a PowerShell script that references it - the binary has thousands of signatures pointing at it from every angle. Yet it's still one of the most useful tools for red teamers and bad actors alike! So how do you run mimikatz on a fully patched Windows 11 system with Defender at latest signatur

By the Persistent Security Research Team — April 2026 Introducing the Month of Bypasses Today we're launching a new series: the Month of Bypasses. We'll publish bypasses for known MITRE attack techniques on a regular basis over the coming 30 days, each one discovered by AI-driven variant analysis using our Nemesis Breach and Attack Simulation (BAS) platform. Why? Because that's what Defenders are doing right now as well: Using AI automation to revive their proven tool sets. S