Zum Hauptinhalt springen Zur Suche springen Zur Hauptnavigation springen
Beschreibung
EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems—and how to evade it.

Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you’ll learn that EDR is not a magical black box—it’s just a complex software application built around a few easy-to-understand components.

The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.
EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems—and how to evade it.

Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you’ll learn that EDR is not a magical black box—it’s just a complex software application built around a few easy-to-understand components.

The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.
Inhaltsverzeichnis
Introduction
Chapter 1: EDR-chitecture
Chapter 2: Function-Hooking DLLs
Chapter 3: Thread and Process Notifications
Chapter 4: Object Notifications
Chapter 5: Image-Load and Registry Notifications
Chapter 6: Minifilters
Chapter 7: Network Filter Drivers
Chapter 8: Event Tracing for Windows
Chapter 9: Scanners
Chapter 10: Anti-Malware Scan Interface
Chapter 11: Early Launch Anti-Malware Drivers
Chapter 12: Microsoft-Windows-Threat-Intelligence
Chapter 13: A Detection-Aware Attack
Appendix
Details
Erscheinungsjahr: 2023
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: Einband - flex.(Paperback)
ISBN-13: 9781718503342
ISBN-10: 1718503342
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Hand, Matt
Hersteller: Random House LLC US
No Starch Press
Verantwortliche Person für die EU: Springer Fachmedien Wiesbaden GmbH, Postfach:15 46, D-65189 Wiesbaden, info@bod.de
Maße: 236 x 183 x 22 mm
Von/Mit: Matt Hand
Erscheinungsdatum: 31.10.2023
Gewicht: 0,615 kg
Artikel-ID: 126791038

Ähnliche Produkte