Evading EDR - Matt Hand

Evading EDR

The Definitive Guide to Defeating Endpoint Detection Systems.

(Autor)

Buch | Softcover
312 Seiten
2023
No Starch Press,US (Verlag)
978-1-7185-0334-2 (ISBN)
69,95 inkl. MwSt
Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box - it's just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.

Matt Hand is an experienced red team operator with over a decade of experience. His primary areas of focus are in vulnerability research and EDR evasion where he spends a large amount of time conducting independent research, developing tooling, and publishing content. Matt is currently a Service Architect at SpecterOps where he focuses on improving the technical and execution capabilities of the Adversary Simulation team, as well as serving as a subject matter expert on evasion tradecraft.

Introduction
Chapter 1: EDR-chitecture
Chapter 2: Function-Hooking DLLs
Chapter 3: Thread and Process Notifications
Chapter 4: Object Notifications
Chapter 5: Image-Load and Registry Notifications
Chapter 6: Minifilters
Chapter 7: Network Filter Drivers
Chapter 8: Event Tracing for Windows
Chapter 9: Scanners
Chapter 10: Anti-Malware Scan Interface
Chapter 11: Early Launch Anti-Malware Drivers
Chapter 12: Microsoft-Windows-Threat-Intelligence
Chapter 13: A Detection-Aware Attack
Appendix

Erscheinungsdatum
Verlagsort San Francisco
Sprache englisch
Maße 178 x 235 mm
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Theorie / Studium
ISBN-10 1-7185-0334-2 / 1718503342
ISBN-13 978-1-7185-0334-2 / 9781718503342
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
IT-Sicherheit - Claudia Eckert
IT-Sicherheit
Konzepte – Verfahren – Protokolle

von Claudia Eckert

Buch | Hardcover (2023)
De Gruyter Oldenbourg (Verlag)
84,95
auf Facebook teilen
bei Twitter
Link zu dieser Seite kopieren