Dive into a comprehensive conference talk on Endpoint Detection and Response (EDR) evasion techniques for red teamers. Explore the inner workings of EDRs and learn effective circumvention methods gathered from years of intense red teaming experience. Discover test lab results comparing various EDR solutions, including zero-day vulnerabilities. Gain insights from reverse engineering efforts to understand EDR internal operations. Master successful attack techniques and EDR evasion methodologies, such as leveraging Windows APIs for injection attacks, unhooking functions, and implementing custom syscalls. Benefit from valuable insights that will help both defenders and testers better understand EDR reliance and identify organizational weak points more efficiently. Presented by Jorge Gimenez, a Security Consultant specializing in infrastructure pentesting and Red Teaming, and Karsten Nohl, a cryptographer and security researcher with expertise in breaking proprietary systems.
Overview
Syllabus
#HITB2022SIN EDR Evasion Primer For Red Teamers - Jorge Gimenez & Karsten Nohl
Taught by
Hack In The Box Security Conference