Matt Hand - Evading EDR - The Definitive Guide to Defeating Endpoint Detection Systems.

Schreibe die erste Bewertung!

Fr. 95.00

Matt Hand

Evading EDR - The Definitive Guide to Defeating Endpoint Detection Systems.

Englisch · Taschenbuch

Versand in der Regel in 4 bis 7 Arbeitstagen

Beschreibung

Mehr lesen

Informationen zum Autor Matt Hand Klappentext "Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for bypassing detections and describes how defenders might protect themselves"-- Zusammenfassung EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems—and how to evade it. Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you’ll learn that EDR is not a magical black box—it’s just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements. Inhaltsverzeichnis Introduction Chapter 1: EDR-chitecture Chapter 2: Function-Hooking DLLs Chapter 3: Thread and Process Notifications Chapter 4: Object Notifications Chapter 5: Image-Load and Registry Notifications Chapter 6: Minifilters Chapter 7: Network Filter Drivers Chapter 8: Event Tracing for Windows Chapter 9: Scanners Chapter 10: Anti-Malware Scan Interface Chapter 11: Early Launch Anti-Malware Drivers Chapter 12: Microsoft-Windows-Threat-Intelligence Chapter 13: A Detection-Aware Attack Appendix...

Produktdetails

Autoren Matt Hand
Verlag No Starch Press
 
Sprache Englisch
Produktform Taschenbuch
Erschienen 31.10.2023
 
EAN 9781718503342
ISBN 978-1-71850-334-2
Seiten 312
Abmessung 178 mm x 235 mm x 18 mm
Themen Naturwissenschaften, Medizin, Informatik, Technik > Informatik, EDV > Datenkommunikation, Netzwerke

COMPUTERS / Security / Viruses & Malware, Computer programming / software engineering, Computer Programming / Software Development, COMPUTERS / Security / Network Security, COMPUTERS / Forensics

Kundenrezensionen

Zu diesem Artikel wurden noch keine Rezensionen verfasst. Schreibe die erste Bewertung und sei anderen Benutzern bei der Kaufentscheidung behilflich.

Schreibe eine Rezension

Top oder Flop? Schreibe deine eigene Rezension.

Für Mitteilungen an CeDe.ch kannst du das Kontaktformular benutzen.

Die mit * markierten Eingabefelder müssen zwingend ausgefüllt werden.

Mit dem Absenden dieses Formulars erklärst du dich mit unseren Datenschutzbestimmungen einverstanden.