This document discusses techniques for bypassing endpoint detection and response (EDR) systems using living off the land binaries and macros. It describes what telemetry EDR systems collect and common evasion techniques like using bitsadmin, certutil, and installutil to download files, encode payloads, and execute code. The document warns that these system utilities could be abused to evade detection if used atypically and provides examples of abnormal usage patterns that security teams should watch out for.