Publicly reported techniques recorded as bypassing Sophos. Each entry is sourced to its original disclosure. This is a factual tally, maintained on the same basis for every vendor in the Index.

| Technique | Entries | High-confidence | Most recent |
|---|---|---|---|
| AMSI Bypass | 2 | 1 | 2025-04-15 |
| BYOVD (Vulnerable Driver) | 2 | 2 | 2023-08-16 |
| EDR Unhooking | 2 | 1 | 2025-05-24 |
| Direct Syscalls | 1 | 1 | 2024-07-24 |
| Exploitation for Priv-Esc | 1 | 1 | 2025-04-11 |
| Reflective Code Loading | 1 | 0 | 2025-09-23 |

| Technique | Confidence | Disclosed | Source |
|---|---|---|---|
| Reflective Code Loading | medium | 2025-09-23 | g3tsyst3m.com |
| EDR Unhooking | medium | 2025-05-24 | github.com |
| AMSI Bypass | high | 2025-04-15 | github.com |
| Exploitation for Priv-Esc | high | 2025-04-11 | www.sophos.com |
| AMSI Bypass | medium | 2024-08-02 | github.com |
| Direct Syscalls | high | 2024-07-24 | github.com |
| EDR Unhooking | high | 2023-12-27 | app.daily.dev |
| BYOVD (Vulnerable Driver) | high | 2023-08-16 | jmp-esp.org |
| BYOVD (Vulnerable Driver) | high | 2023-05-31 | www.bleepingcomputer.com |

Counts reflect distinct publicly reported events on record; absence of an entry means no confirmed public report is on file, not that a product is unaffected.