
EDR Evasion Primer for Red Teamers

Date: August 25, 2022

Time: 15:00

Track: Main Track

EDRs are everywhere, but relatively little is known about how these tools work internally and how to circumvent them effectively. In practice, we are trusting black boxes to protect our endpoints. This presentation shares insights on EDR inner workings and evasion options gathered over several years of intense red teaming.

We will cover:

  • Test lab results: the wide range of EDR choices, from terrible to effective; bonus: ZERO DAYS!
  • Reverse engineering results: how EDRs work internally
  • Successful attack techniques: EDR evasion methodologies, including:
      • Leveraging Windows APIs for injection attacks
      • Unhooking functions
      • Implementing and masquerading your own syscalls

These insights help defenders and testers alike: blue teamers will better understand how much to rely on EDR, and red teamers will find an organization's weakest link more quickly.

Speakers

Security Consultant, SRLabs

Jorge is a Security Consultant at SRLabs focused on infrastructure pentesting and red teaming. He has deep expertise in endpoint protection, malware development, and Active Directory hacking.

Chief Scientist, SRLabs

Karsten is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them. Karsten is the Chief Scientist at SRLabs in Berlin, where his professional work includes testing telcos for hacking issues.
