Evaluating Microsoft Defender for Endpoint using open-source command & control servers

Bachelor Dissertation
Author
Lappas, Panagiotis
Date
2025-06
Supervisor
Patsakis, Constantinos
Keywords
EDR; Microsoft Defender for Endpoint; Red Teaming; Open-source command & control servers; Havoc; Sliver; Metasploit; PoshC2; Bypass
Abstract
This thesis provides an in-depth assessment, based on open-source malware, of Microsoft Defender for Endpoint, Microsoft's Endpoint Detection and Response solution. It focuses on the product's ability to detect and mitigate post-exploitation activities commonly used by advanced adversaries. The evaluation is conducted within a controlled scenario in which the attacker has already achieved initial execution of a malicious executable on the target system. This scenario intentionally excludes the initial intrusion vector (phishing, unauthorized physical access, or exploitation of vulnerabilities) in order to concentrate solely on the later stages of the attack lifecycle. Specifically, the study examines the mechanisms malicious actors use to establish a persistent and covert connection to compromised systems via Command and Control (C&C) servers.

For this evaluation, four open-source C&C frameworks (Metasploit, Sliver, Havoc, and PoshC2) were selected based on popularity, versatility, and relevance to modern attack methodologies. The thesis systematically explores the effectiveness of Microsoft Defender for Endpoint in detecting and responding to five key post-exploitation techniques employed by these frameworks: direct execution of an executable, dynamic-link library (DLL) injection, simple shellcode execution, custom shellcode execution, and, where applicable, DLL sideloading with a custom target. These techniques were chosen to simulate real-world attack scenarios spanning a range of complexity and evasion tactics; their significance and applicability are discussed in detail.

Through this study, the thesis aims to provide a comprehensive understanding of Microsoft Defender for Endpoint's defensive capabilities and its effectiveness in mitigating post-exploitation activities facilitated by modern C&C frameworks.