Publicly-reported techniques recorded as bypassing SentinelOne. Each entry is sourced to its original disclosure. This is a factual tally, maintained on the same basis for every vendor in the Index.
| Technique | Entries | High-confidence | Most recent |
|---|---|---|---|
| BYOVD (Vulnerable Driver) | 5 | 4 | 2026-03-26 |
| Disable or Modify Tools | 4 | 3 | 2025-11-17 |
| EDR Unhooking | 2 | 1 | 2025-12-07 |
| Tamper-Protection Bypass | 1 | 1 | 2025-05-05 |
| DLL Side-Loading | 1 | 1 | 2026-05-14 |
| AMSI Bypass | 1 | 1 | 2024-02-12 |
| Process Injection | 1 | 1 | 2023-12-08 |
| Technique | Confidence | Disclosed | Source | |
|---|---|---|---|---|
| DLL Side-Loading | high | 2026-05-14 | cybersecuritynews.com | record → |
| BYOVD (Vulnerable Driver) | high | 2026-03-26 | labs.cloudsecurityalliance.org | record → |
| BYOVD (Vulnerable Driver) | high | 2026-02-24 | blog.silentforce.io | record → |
| EDR Unhooking | high | 2025-12-07 | github.com | record → |
| Disable or Modify Tools | high | 2025-11-17 | cyberpress.org | record → |
| Disable or Modify Tools | high | 2025-08-28 | beierle.win | record → |
| BYOVD (Vulnerable Driver) | medium | 2025-08-07 | mine2.io | record → |
| EDR Unhooking | medium | 2025-07-13 | github.com | record → |
| Tamper-Protection Bypass | high | 2025-05-05 | www.bleepingcomputer.com | record → |
| BYOVD (Vulnerable Driver) | high | 2024-07-16 | trustedsec.com | record → |
| AMSI Bypass | high | 2024-02-12 | www.linkedin.com | record → |
| Process Injection | high | 2023-12-08 | securityaffairs.com | record → |
| Disable or Modify Tools | high | 2023-09-13 | labs.infoguard.ch | record → |
| Disable or Modify Tools | medium | 2023-06-01 | www.threatlocker.com | record → |
| BYOVD (Vulnerable Driver) | high | 2023-05-31 | www.bleepingcomputer.com | record → |
Counts reflect distinct publicly-reported events on record; absence of an entry means no confirmed public report is on file, not that a product is unaffected.