Bind Link – EDR Tampering

Source provenance. Raw material catalogued for the wiki ingest pipeline. Lives offline at raw_sources/offensive-security/ingested/Bind Link – EDR Tampering.md.

Status: integrated

Excerpt

The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to Microsoft it should be used to improve application compatibility by making files stored in a network share appear as local or in scenarios where an application requires files from a different location to…