Fr. 95.00

Evading EDR - The Definitive Guide to Defeating Endpoint Detection Systems.

English · Paperback / Softback

Shipping usually within 4 to 7 working days

Description

Read more

Informationen zum Autor Matt Hand Klappentext "Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for bypassing detections and describes how defenders might protect themselves"-- Zusammenfassung EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems—and how to evade it. Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you’ll learn that EDR is not a magical black box—it’s just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements. Inhaltsverzeichnis Introduction Chapter 1: EDR-chitecture Chapter 2: Function-Hooking DLLs Chapter 3: Thread and Process Notifications Chapter 4: Object Notifications Chapter 5: Image-Load and Registry Notifications Chapter 6: Minifilters Chapter 7: Network Filter Drivers Chapter 8: Event Tracing for Windows Chapter 9: Scanners Chapter 10: Anti-Malware Scan Interface Chapter 11: Early Launch Anti-Malware Drivers Chapter 12: Microsoft-Windows-Threat-Intelligence Chapter 13: A Detection-Aware Attack Appendix...

Product details

Authors Matt Hand
Publisher No Starch Press
 
Languages English
Product format Paperback / Softback
Released 31.10.2023
 
EAN 9781718503342
ISBN 978-1-71850-334-2
No. of pages 312
Dimensions 178 mm x 235 mm x 18 mm
Subjects Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks

COMPUTERS / Security / Viruses & Malware, Computer programming / software engineering, Computer Programming / Software Development, COMPUTERS / Security / Network Security, COMPUTERS / Forensics

Customer reviews

No reviews have been written for this item yet. Write the first review and be helpful to other users when they decide on a purchase.

Write a review

Thumbs up or thumbs down? Write your own review.

For messages to CeDe.ch please use the contact form.

The input fields marked * are obligatory

By submitting this form you agree to our data privacy statement.