Annika Clarke

Hiding in Plain Sight: Weaponizing Developer Applications and Interpreted Languages to Evade Modern EDR

As endpoint detection and response (EDR) solutions evolve to counter traditional intrusion techniques, organizations often develop a false sense of security, relying heavily on these tools to detect and mitigate threats. This presentation challenges that perception by exposing how trusted developer tools, such as IDE extensions, Electron applications, and interpreted language execution environments can be weaponized to bypass the most sophisticated detection mechanisms. These inherent risks posed by trusted applications and developer environments are often critically overlooked. This talk will demonstrate how to exploit this blind trust through bypassing traditional endpoint controls and signature-based detection due to the use of high-level languages like NodeJS and Python to hijack legitimate applications. Attendees will gain insights into how these methods were developed and successfully deployed during real-world red team engagements.