Loading cart contents...
Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems.
44.00 JOD
Please allow 2 – 5 weeks for delivery of this item
Add to Gift RegistryDescription
EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems—and how to evade it.Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn’t mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you’ll learn that EDR is not a magical black box—it’s just a complex software application built around a few easy-to-understand components.The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.
Additional information
| Weight | 0.7 kg |
|---|---|
| Dimensions | 1.8 × 17.8 × 23.5 cm |
| PubliCanadation City/Country | USA |
| Author(s) | |
| Format Old` | |
| Language | |
| Pages | 312 |
| Publisher | |
| Year Published | 2023-10-31 |
| Imprint | |
| ISBN 10 | 1718503342 |
| About The Author | Matt Hand is an experienced red team operator with over a decade of experience. His primary areas of focus are in vulnerability research and EDR evasion where he spends a large amount of time conducting independent research, developing tooling, and publishing content. Matt is currently a Service Architect at SpecterOps where he focuses on improving the technical and execution capabilities of the Adversary Simulation team, as well as serving as a subject matter expert on evasion tradecraft. |
"A great book for red and blue [people]! It is a great resource for anyone who wants to learn more about how EDRs work and Windows internals with a security perspective."—Olaf Hartong, @olafhartong, researcher at FalconForce"If you spend any time around EDR's, or are just interested in how they work… this book is an invaluable addition to your collection."—Adam Chester, @_xpn_, RedTeamer at TrustedSec"A masterclass in understanding EDR internals…a very relevant handbook for both attackers and defenders to learn about the strengths, but also limitations and blind spots of EDR software."—Arris Huijgen, @bitsadmin |
|
| Table Of Content | IntroductionChapter 1: EDR-chitectureChapter 2: Function-Hooking DLLsChapter 3: Thread and Process NotificationsChapter 4: Object NotificationsChapter 5: Image-Load and Registry NotificationsChapter 6: MinifiltersChapter 7: Network Filter DriversChapter 8: Event Tracing for WindowsChapter 9: ScannersChapter 10: Anti-Malware Scan InterfaceChapter 11: Early Launch Anti-Malware DriversChapter 12: Microsoft-Windows-Threat-IntelligenceChapter 13: A Detection-Aware AttackAppendix |
Only logged in customers who have purchased this product may leave a review.
Related products
-
![Coding with Scratch]()
On backorder 2-5 Weeks to Arrive
Add to Gift Registry8.99 JOD -
![Troublemakers: Silicon Valley's Coming of Age]()
On backorder 2-5 Weeks to Arrive
Add to Gift Registry -
![Workplaces of the Future]()
On backorder 2-5 Weeks to Arrive
Add to Gift Registry59.99 JOD -
![Property Valuation Techniques]()
On backorder 2-5 Weeks to Arrive
Add to Gift Registry54.99 JOD
Reviews
There are no reviews yet.