
Evading EDR : sensors, telemetry, and how to bypass them /

"Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for...


Bibliographic Details
Classification: Electronic Book
Main author: Hand, Matt (Author)
Format: Electronic eBook
Language: English
Published: San Francisco, CA : No Starch Press, [2024]
Subjects:
Online access: Full text (requires prior registration with an institutional email address)

MARC

LEADER 00000cam a22000008i 4500
001 OR_on1393305912
003 OCoLC
005 20231017213018.0
006 m o d
007 cr |||||||||||
008 230410s2024 cau ob 001 0 eng
010 |a  2023016499 
040 |a DLC  |b eng  |e rda  |c DLC  |d ORMDA 
019 |a 1393306852 
020 |a 9781718503359  |q (ebook) 
020 |a 1718503350 
020 |z 9781718503342  |q (print) 
035 |a (OCoLC)1393305912  |z (OCoLC)1393306852 
037 |a 9781098168742  |b O'Reilly Media 
042 |a pcc 
050 0 0 |a QA76.9.A25 
082 0 0 |a 005.8  |2 23/eng/20230811 
049 |a UAMI 
100 1 |a Hand, Matt,  |e author. 
245 1 0 |a Evading EDR :  |b sensors, telemetry, and how to bypass them /  |c by Matt Hand. 
246 3 |a Evading endpoint detection and response 
263 |a 2310 
264 1 |a San Francisco, CA :  |b No Starch Press,  |c [2024] 
300 |a 1 online resource 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
504 |a Includes bibliographical references and index. 
505 0 |a EDR-chitecture -- Function-hooking DLLs -- Thread and process notifications -- Object notifications -- Image-load and registry notifications -- Minifilters -- Network filter drivers -- Event tracing for Windows -- Scanners -- Antimalware scan interface -- Early launch anti-malware drivers -- Microsoft-Windows-threat-intelligence -- A detection-aware attack. 
520 |a "Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for bypassing detections and describes how defenders might protect themselves"--  |c Provided by publisher. 
588 |a Description based on print version record and CIP data provided by publisher; resource not viewed. 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
630 0 0 |a Microsoft Windows (Computer file) 
650 0 |a Penetration testing (Computer security) 
650 0 |a Intrusion detection systems (Computer security) 
650 0 |a Computer security  |x Computer programs. 
650 0 |a Computer networks  |x Security measures  |x Data processing. 
650 0 |a Operating systems (Computers)  |x Protection. 
776 0 8 |i Print version:  |a Hand, Matt.  |t Evading EDR  |d San Francisco, CA : No Starch Press, [2024]  |z 9781718503342  |w (DLC) 2023016498 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781098168742/?ar  |z Texto completo (Requiere registro previo con correo institucional) 
994 |a 92  |b IZTAP