Publicly reported techniques recorded as bypassing Palo Alto Networks. Each entry is sourced to its original disclosure. This is a factual tally, maintained on the same basis for every vendor in the Index.

| Technique | Entries | High-confidence | Most recent |
|---|---|---|---|
| Disable or Modify Tools | 6 | 6 | 2025-03-19 |
| AMSI Bypass | 3 | 2 | 2025-06-18 |
| Tamper-Protection Bypass | 3 | 3 | 2025-02-07 |
| BYOVD (Vulnerable Driver) | 3 | 3 | 2026-02-10 |
| EDR Unhooking | 2 | 0 | 2025-10-18 |
| Exploitation for Priv-Esc | 2 | 2 | 2026-06-01 |
| Indicator Removal | 1 | 1 | 2026-03-17 |
| Masquerading | 1 | 1 | 2026-02-25 |

| Technique | Confidence | Disclosed | Source | |
|---|---|---|---|---|
| Exploitation for Priv-Esc | high | 2026-06-01 | cyberscoop.com | record → |
| Indicator Removal | high | 2026-03-17 | gbhackers.com | record → |
| Masquerading | high | 2026-02-25 | healsecurity.com | record → |
| BYOVD (Vulnerable Driver) | high | 2026-02-10 | www.gblock.app | record → |
| EDR Unhooking | medium | 2025-10-18 | www.brinztech.com | record → |
| AMSI Bypass | high | 2025-06-18 | medium.com | record → |
| EDR Unhooking | medium | 2025-05-24 | github.com | record → |
| Exploitation for Priv-Esc | high | 2025-05-14 | security.paloaltonetworks.com | record → |
| AMSI Bypass | high | 2025-04-15 | github.com | record → |
| Disable or Modify Tools | high | 2025-03-19 | security.paloaltonetworks.com | record → |
| Disable or Modify Tools | high | 2025-02-12 | security.paloaltonetworks.com | record → |
| Tamper-Protection Bypass | high | 2025-02-07 | github.com | record → |
| BYOVD (Vulnerable Driver) | high | 2024-11-01 | unit42.paloaltonetworks.com | record → |
| Disable or Modify Tools | high | 2024-10-15 | feedly.com | record → |
| Disable or Modify Tools | high | 2024-08-07 | feedly.com | record → |
| AMSI Bypass | medium | 2024-08-02 | github.com | record → |
| Tamper-Protection Bypass | high | 2024-07-10 | security.paloaltonetworks.com | record → |
| Disable or Modify Tools | high | 2024-06-12 | blog.scrt.ch | record → |
| Tamper-Protection Bypass | high | 2024-04-19 | www.darkreading.com | record → |
| BYOVD (Vulnerable Driver) | high | 2023-09-22 | securityonline.info | record → |
| Disable or Modify Tools | high | 2023-07-07 | github.com | record → |

Counts reflect distinct publicly reported events on record; absence of an entry means no confirmed public report is on file, not that a product is unaffected.