Evading EDR : sensors, telemetry, and how to bypass them /

"Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Hand, Matt (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: San Francisco, CA : No Starch Press, [2024]
Temas:
Microsoft Windows (Computer file)
Penetration testing (Computer security)
Intrusion detection systems (Computer security)
Computer security > Computer programs.
Computer networks > Security measures > Data processing.
Operating systems (Computers) > Protection.
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • EDR-chitecture
  • Function-hooking DLLs
  • Thread and process notifications
  • Object notifications
  • Image-load and registry notifications
  • Minifilters
  • Network filter drivers
  • Event tracing for Windows
  • Scanners
  • Antimalware scan interface
  • Early launch anti-malware drivers
  • Microsoft-Windows-threat-intelligence
  • A detection-aware attack.

Ejemplares similares