Came up with a new EDR bypass technique that makes it possible to block the EDR from loading its DLL into our process, preventing any user-mode hooks from being deployed.
I've currently tested it with a few major EDRs, but it should theoretically work against most with only a few small tweaks.
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html