East Baton Rouge Parish Library

Evading EDR, sensors, telemetry, and how to bypass them, by Matt Hand

Label
Evading EDR, sensors, telemetry, and how to bypass them, by Matt Hand
Language
eng
Bibliography note
Includes bibliographical references and index
Index
index present
Literary Form
non fiction
Main title
Evading EDR
Nature of contents
bibliography, dictionaries
OCLC number
11393305912
Responsibility statement
by Matt Hand
Sub title
sensors, telemetry, and how to bypass them
Summary
"Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for bypassing detections and describes how defenders might protect themselves" -- Provided by publisher
Table Of Contents
EDR-chitecture -- Function-hooking DLLs -- Thread and process notifications -- Object notifications -- Image-load and registry notifications -- Minifilters -- Network filter drivers -- Event tracing for Windows -- Scanners -- Antimalware scan interface -- Early launch anti-malware drivers -- Microsoft-Windows-threat-intelligence -- A detection-aware attack
resource.variantTitle
Evading endpoint detection and response