Evading Edr: The Definitive Guide to Defeating Endpoint Detection Systems.

Endpoint Detection and Response (EDR) agents are used to monitor network devices for signs of an attack, but security defenders need to understand how they work. This book demystifies EDR by explaining its components, discussing their purpose, and revealing documented evasion strategies for bypassing them. It is a valuable resource for anyone looking to enhance their understanding of EDR and improve their security posture.

Format: Paperback / softback
Length: 312 pages
Publication date: 31 October 2023
Publisher: No Starch Press,US

Endpoint Detection and Response (EDR) agents are widely employed by enterprises to monitor their network devices for indications of an attack. However, it is crucial to note that security defenders often lack a comprehensive understanding of how these systems function. This book aims to demystify EDR by providing a detailed exploration of its mechanisms.

Chapter by chapter, readers will gain a deeper understanding of EDR as a complex software application built around a few fundamental components. The author, with extensive experience as a red team operator, delves into each of the common sensor components, discussing their purpose, explaining their implementation, and showcasing the ways they collect various data points from the Microsoft operating system.

In addition to covering the theoretical aspects of designing an effective EDR, each chapter also unveils documented evasion strategies employed by red teamers to bypass EDRs during their engagements. This comprehensive guide aims to empower security professionals with the knowledge and tools necessary to effectively defend against modern cyber threats.

Weight: 620g
Dimension: 178 x 237 x 24 (mm)
ISBN-13: 9781718503342