Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How to Bypass AM-PPL & Disable EDRs - A Red Teamer's Story

nullcon via YouTube

Overview

Explore a comprehensive conference talk on bypassing Microsoft's Antimalware Protected Process Light (AM-PPL) technology and disabling Endpoint Detection and Response (EDR) systems. Delve into the research conducted by red team experts Stephen Kho and Juan Sacco on exploiting AM-PPL vulnerabilities to circumvent antivirus and EDR products on Windows systems. Learn about the purpose and effectiveness of AM-PPL, originally introduced in Windows 8.1 to protect trusted services and processes from malicious code. Gain insights into advanced red teaming techniques, vulnerability research, and the potential weaknesses in Windows security mechanisms. Benefit from the speakers' extensive experience in ethical hacking, telecommunications security, and exploit development as they share their findings from a red teamer's perspective.

Syllabus

How To Bypass AM-PPL & Disable EDRs - A Red Teamer's Story-Stephen Kho & Juan Sacco | Nullcon Berlin

Taught by

nullcon

Reviews

Start your review of How to Bypass AM-PPL & Disable EDRs - A Red Teamer's Story

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.