Evading Edr

The Definitive Guide to Defeating Endpoint Detection Systems.

Matt Hand

$140

Paperback

Not in-store but you can order this
How long will it take?

Availability Information

We source books from suppliers in Australia and overseas. For books we don't currently have in stock, the time it takes to get them from our suppliers can vary widely - from a few days to a few months - so we check each book with each supplier to determine the expected time it will take to be supplied to us.

We then advise you accordingly. If the time taken to get any book is too long for you, you can let us know and we will cancel or adjust your order, and refund as required.

To find out the anticipated arrival time for specific items prior to ordering, please contact us by phone or email:

Phone +61 2 9264 3111, or 1800 4 BOOKS (1800 4 26657) if outside Sydney:
option 1 Abbey's Bookshop (Crime, History, Science, Kids & more) • info@abbeys.com.au
option 2 Language Book Centre (ESL & Foreign Languages) • language@abbeys.com.au
option 3 Galaxy Bookshop (Sci-fi, Fantasy, Romance, Graphic Novels) • sf@galaxybooks.com.au

QTY:

English

No Starch Press,US
09 January 2024

Computer programming & software development

Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box-it's just a complex software application built around a few easy-to-understand components.

The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.

EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems-and how to evade it.

Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box-it's just a complex software application built around a few easy-to-understand components.

The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.

By: Matt Hand
Imprint: No Starch Press,US
Country of Publication: United States
Dimensions: Height: 235mm, Width: 178mm,
Weight: 369g
ISBN: 9781718503342
ISBN 10: 1718503342
Pages: 312
Publication Date: 09 January 2024
Audience: General/trade , ELT Advanced
Format: Paperback
Publisher's Status: Active

Introduction Chapter 1: EDR-chitecture Chapter 2: Function-Hooking DLLs Chapter 3: Thread and Process Notifications Chapter 4: Object Notifications Chapter 5: Image-Load and Registry Notifications Chapter 6: Minifilters Chapter 7: Network Filter Drivers Chapter 8: Event Tracing for Windows Chapter 9: Scanners Chapter 10: Anti-Malware Scan Interface Chapter 11: Early Launch Anti-Malware Drivers Chapter 12: Microsoft-Windows-Threat-Intelligence Chapter 13: A Detection-Aware Attack Appendix

Matt Hand is an experienced red team operator with over a decade of experience. His primary areas of focus are in vulnerability research and EDR evasion where he spends a large amount of time conducting independent research, developing tooling, and publishing content. Matt is currently a Service Architect at SpecterOps where he focuses on improving the technical and execution capabilities of the Adversary Simulation team, as well as serving as a subject matter expert on evasion tradecraft.

Reviews for Evading Edr: The Definitive Guide to Defeating Endpoint Detection Systems.

"""A great book for red and blue [people]! It is a great resource for anyone who wants to learn more about how EDRs work and Windows internals with a security perspective."" —Olaf Hartong, @olafhartong, researcher at FalconForce ""If you spend any time around EDR's, or are just interested in how they work... this book is an invaluable addition to your collection."" —Adam Chester, @_xpn_, RedTeamer at TrustedSec"