@mttaggart As much as I like to bash endpoint security, the title is a gross oversimplification of the problem: EDR is very much in the way while you (1) gain initial access, (2) elevate your privileges, and (3) load a malicious kernel driver. And even after all this you've pwned one machine, and EDR is active on most lateral movement targets (I'd also be very interested in how "abuse this [local] kernel-level access to move laterally within the network" could be implemented in practice...).