Not on a fully patched system. 0-days are relatively rare and fixed pretty quickly by Microsoft.



Remember WannaCry? The vuln it used was patched by MS two months prior to the attack. Yet it took the world by storm.


Not sure what you want from me, I simply answered the question. Yes I remember WannaCry.


How is it caviar then?


Not the same poster, but one phase of a typical attack inside a corporate network is lateral movement. You find creds on one system and want to use them to log on to a second system. Often, these creds have administrative privileges on the second system. No vulnerabilities are necessary to perform lateral movement.

Just as an example: you use a mechanism similar to psexec to execute commands on the remote system using the SMB service. If the remote system has a capable EDR, it will shut that down and report the system from which the connection came to the SOC, and perhaps automatically isolate it. If it doesn't, an attacker moves laterally through your entire network with ease in no time until they have ___domain admin privs.
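As an added illustration of the detection side of the scenario above (not code from the commenter or from any EDR product): a small correlation rule that flags a remote network logon followed shortly, on the same host and by the same account, by a new service installation, and reports the source IP so the SOC knows which machine to isolate. The event fields, hostnames, IPs and timestamps are constructed and only loosely modelled on Windows Security event 4624 and System event 7045.

```python
# Toy psexec-style lateral-movement detector (added example, constructed data).
# Assumes events are already parsed into dicts with the fields used below.
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # max gap between remote logon and service install

# Constructed sample events in time order (hosts, users, IPs, times are made up).
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "host": "FS01", "id": 4624, "logon_type": 3,
     "user": "CORP\\jdoe", "src_ip": "10.0.0.5"},
    {"ts": "2024-05-01T10:00:12", "host": "FS01", "id": 7045, "user": "CORP\\jdoe",
     "service": "PSEXESVC", "image": "%SystemRoot%\\PSEXESVC.exe"},
    {"ts": "2024-05-01T10:30:00", "host": "WS07", "id": 4624, "logon_type": 2,
     "user": "CORP\\asmith", "src_ip": "-"},  # interactive logon, not remote
    {"ts": "2024-05-01T11:00:00", "host": "WS07", "id": 7045, "user": "SYSTEM",
     "service": "WinDefend", "image": "C:\\Program Files\\Windows Defender\\MsMpEng.exe"},
]


def find_lateral_movement(events, window=WINDOW):
    """Return one alert per network (type 3) logon that is followed, on the same
    host and within `window`, by a service install performed by the same account.
    Each alert carries the source IP of the logon for follow-up isolation."""
    alerts = []
    remote_logons = []  # (time, host, user, src_ip) for recent type-3 logons
    for ev in events:
        t = datetime.fromisoformat(ev["ts"])
        if ev["id"] == 4624 and ev["logon_type"] == 3:
            remote_logons.append((t, ev["host"], ev["user"], ev["src_ip"]))
        elif ev["id"] == 7045:
            for lt, host, user, src_ip in remote_logons:
                if host == ev["host"] and user == ev["user"] and timedelta(0) <= t - lt <= window:
                    alerts.append({"target": host, "source_ip": src_ip,
                                   "user": user, "service": ev["service"]})
                    break  # one alert per service install is enough
    return alerts


if __name__ == "__main__":
    for a in find_lateral_movement(EVENTS):
        print(f"ALERT: {a['user']} installed {a['service']} on {a['target']} "
              f"right after a network logon from {a['source_ip']}")
```

On the constructed events this produces exactly one alert, for FS01 with source 10.0.0.5; the interactive logon and the unrelated SYSTEM service install on WS07 are not flagged.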


A key part of breaching a network is having a beacon running on their networks, and communicating out, one way or another.

Running beacons with good EDRs is difficult, and has become the most challenging aspect of most red team engagements because of that.

With no EDR, everything suddenly becomes super easy.



