MOMENTAN AUSVERKAUFT
Über dieses Produkt
Product Identifiers
PublisherNo Starch Press, Incorporated
ISBN-101718503342
ISBN-139781718503342
eBay Product ID (ePID)17061840503
Product Key Features
Number of Pages312 Pages
Publication NameEvading Edr : the Definitive Guide to Defeating Endpoint Detection Systems
LanguageEnglish
SubjectSecurity / Viruses & Malware, General, Security / Networking
Publication Year2023
TypeTextbook
AuthorMatt Hand
Subject AreaMathematics, Computers
FormatTrade Paperback
Dimensions
Item Height0.7 in
Item Weight21.6 Oz
Item Length9.2 in
Item Width7 in
Additional Product Features
Intended AudienceTrade
LCCN2023-016498
Reviews"A great book for red and blue [people]! It is a great resource for anyone who wants to learn more about how EDRs work and Windows internals with a security perspective." --Olaf Hartong, @olafhartong, researcher at FalconForce, "A great book for red and blue [people]! It is a great resource for anyone who wants to learn more about how EDRs work and Windows internals with a security perspective." --Olaf Hartong, @olafhartong, researcher at FalconForce "If you spend any time around EDR's, or are just interested in how they work... this book is an invaluable addition to your collection." -- Adam Chester, @_xpn_, RedTeamer at TrustedSec
IllustratedYes
Table Of ContentIntroduction Chapter 1: EDR-chitecture Chapter 2: Function-Hooking DLLs Chapter 3: Thread and Process Notifications Chapter 4: Object Notifications Chapter 5: Image-Load and Registry Notifications Chapter 6: Minifilters Chapter 7: Network Filter Drivers Chapter 8: Event Tracing for Windows Chapter 9: Scanners Chapter 10: Anti-Malware Scan Interface Chapter 11: Early Launch Anti-Malware Drivers Chapter 12: Microsoft-Windows-Threat-Intelligence Chapter 13: A Detection-Aware Attack Appendix
SynopsisEDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems--and how to evade it. Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box--it's just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements., EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems-and how to evade it. Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box-it's just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.
LC Classification NumberQA76.9.A25H348 2024
