Title Evading EDR : sensors, telemetry, and how to bypass them / by Matt Hand. [O'Reilly electronic resource]

Publication Info.

San Francisco, CA : No Starch Press, [2024]

To Access:
Available on O'Reilly for Public Libraries

Bookmark link: https://library.naperville-lib.org:444/record=b3195205~S1

QR Code

Description	1 online resource
Bibliography	Includes bibliographical references and index.
Contents	EDR-chitecture -- Function-hooking DLLs -- Thread and process notifications -- Object notifications -- Image-load and registry notifications -- Minifilters -- Network filter drivers -- Event tracing for Windows -- Scanners -- Antimalware scan interface -- Early launch anti-malware drivers -- Microsoft-Windows-threat-intelligence -- A detection-aware attack.
Summary	"Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for bypassing detections and describes how defenders might protect themselves"-- Provided by publisher.
Subject	Microsoft Windows (Computer file)
	Penetration testing (Computer security)
	Intrusion detection systems (Computer security)
	Computer security -- Computer programs.
	Computer networks -- Security measures -- Data processing.
	Operating systems (Computers) -- Protection.
	Tests d'intrusion.
	Systèmes de détection d'intrusion (Sécurité informatique)
	Sécurité informatique -- Logiciels.
	Réseaux d'ordinateurs -- Sécurité -- Mesures -- Informatique.
	Systèmes d'exploitation (Ordinateurs) -- Protection.
Added Title	Evading endpoint detection and response
Other Form:	Print version: Hand, Matt. Evading EDR San Francisco, CA : No Starch Press, [2024] 9781718503342 (DLC) 2023016498
ISBN	9781718503359 (ebook)
	1718503350
	(print)

Patron reviews: add a review

You can...

Copies