Explore a comprehensive conference talk on bypassing Microsoft's Antimalware Protected Process Light (AM-PPL) technology and disabling Endpoint Detection and Response (EDR) systems. Delve into the research conducted by red team experts Stephen Kho and Juan Sacco on exploiting AM-PPL vulnerabilities to circumvent antivirus and EDR products on Windows systems. Learn about the purpose and effectiveness of AM-PPL, originally introduced in Windows 8.1 to protect trusted services and processes from malicious code. Gain insights into advanced red teaming techniques, vulnerability research, and the potential weaknesses in Windows security mechanisms. Benefit from the speakers' extensive experience in ethical hacking, telecommunications security, and exploit development as they share their findings from a red teamer's perspective.
Overview
Syllabus
How To Bypass AM-PPL & Disable EDRs - A Red Teamer's Story-Stephen Kho & Juan Sacco | Nullcon Berlin
Taught by
nullcon