Publicly reported techniques recorded as bypassing CrowdStrike. Each entry is sourced to its original disclosure. This is a factual tally, maintained on the same basis for every vendor in the Index.

| Technique | Entries | High-confidence | Most recent |
|---|---|---|---|
| Disable or Modify Tools | 5 | 3 | 2025-09-29 |
| BYOVD (Vulnerable Driver) | 4 | 3 | 2026-04-05 |
| EDR Unhooking | 4 | 2 | 2025-12-07 |
| Process Injection | 2 | 2 | 2025-03-05 |
| Valid Accounts | 1 | 1 | 2025-10-07 |
| Exploitation for Priv-Esc | 1 | 1 | 2024-08-19 |
| Tamper-Protection Bypass | 1 | 0 | 2025-06-12 |
| AMSI Bypass | 1 | 1 | 2025-04-15 |

| Technique | Confidence | Disclosed | Source | Record |
|---|---|---|---|---|
| BYOVD (Vulnerable Driver) | high | 2026-04-05 | threatlabsnews.xcitium.com | record → |
| BYOVD (Vulnerable Driver) | high | 2026-02-24 | blog.silentforce.io | record → |
| BYOVD (Vulnerable Driver) | high | 2026-02-10 | www.gblock.app | record → |
| EDR Unhooking | high | 2025-12-07 | github.com | record → |
| EDR Unhooking | medium | 2025-10-18 | www.brinztech.com | record → |
| Valid Accounts | high | 2025-10-07 | cve.akaoma.com | record → |
| Disable or Modify Tools | high | 2025-09-29 | prevent-ransomware.com | record → |
| Disable or Modify Tools | high | 2025-08-28 | beierle.win | record → |
| EDR Unhooking | medium | 2025-07-13 | github.com | record → |
| Tamper-Protection Bypass | medium | 2025-06-12 | github.com | record → |
| BYOVD (Vulnerable Driver) | medium | 2025-05-30 | threatlabsnews.xcitium.com | record → |
| AMSI Bypass | high | 2025-04-15 | github.com | record → |
| Disable or Modify Tools | high | 2025-03-06 | securityaid.co.uk | record → |
| Process Injection | high | 2025-03-05 | finalfrontiersecurity.com | record → |
| Exploitation for Priv-Esc | high | 2024-08-19 | securityaffairs.com | record → |
| Process Injection | high | 2023-12-08 | securityaffairs.com | record → |
| Disable or Modify Tools | medium | 2023-09-13 | labs.infoguard.ch | record → |
| EDR Unhooking | high | 2023-07-06 | inbits-sec.com | record → |
| Disable or Modify Tools | medium | 2023-06-01 | www.threatlocker.com | record → |

Counts reflect distinct publicly reported events on record; absence of an entry means no confirmed public report is on file, not that a product is unaffected.