Links
This article explores methods to bypass device enrollment restrictions in Microsoft Intune, particularly focusing on how attackers can register fake devices to access corporate resources. It details the enrollment process, the types of restrictions, and specific techniques to circumvent them.
Curing is a proof-of-concept rootkit that leverages io_uring to perform operations without triggering syscalls, rendering it undetectable by traditional security tools like Linux EDRs. The project, inspired by discussions at the CCC conference, demonstrates how io_uring can be used to bypass syscall-monitoring security measures. It includes a client-server architecture for executing commands such as file reading and writing while remaining invisible to security monitoring.