1 option
Evading EDR : sensors, telemetry, and how to bypass them / by Matt Hand.
- Format:
- Book
- Author/Creator:
- Hand, Matt, author.
- Language:
- English
- Subjects (All):
- Penetration testing (Computer security).
- Intrusion detection systems (Computer security).
- Computer security--Computer programs.
- Computer security.
- Computer networks--Security measures--Data processing.
- Computer networks.
- Operating systems (Computers)--Protection.
- Operating systems (Computers).
- Microsoft Windows (Computer file).
- Physical Description:
- 1 online resource
- Place of Publication:
- San Francisco, CA : No Starch Press, [2024]
- Summary:
- "Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for bypassing detections and describes how defenders might protect themselves"-- Provided by publisher.
- Contents:
- EDR-chitecture
- Function-hooking DLLs
- Thread and process notifications
- Object notifications
- Image-load and registry notifications
- Minifilters
- Network filter drivers
- Event tracing for Windows
- Scanners
- Antimalware scan interface
- Early launch anti-malware drivers
- Microsoft-Windows-threat-intelligence
- A detection-aware attack.
- Notes:
- OCLC-licensed vendor bibliographic record.
- ISBN:
- 9781098168742
- 1098168747
- OCLC:
- 1393305912
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.