As businesses evolve to achieve higher security maturity, threat actors and penetration testers must also rise to the challenge. Modern third-party security applications such as Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Windows Defender products, and application allowlists have made offensive tools obsolete. Gone are the days when all a penetration tester needed was a remote shell or desktop connection to extract user data and credentials from local machines and domain controllers. Instead of fighting against signature-based and obfuscation methods, attackers are turning to digital forensics incident response (DFIR) tools, like KAPE, to get the dirty work done for them. After all, you never have to sneak into the party if the bouncer thinks you’re already on the list.