Description
| Product ID: | 9781718503342 |
| Product Form: | Paperback / softback |
| Country of Manufacture: | GB |
| Title: | Evading Edr |
| Subtitle: | The Definitive Guide to Defeating Endpoint Detection Systems. |
| Authors: | Author: Matt Hand |
| Page Count: | 312 |
| Subjects: | Computer programming / software engineering, Computer programming / software development |
| Description: | Select Guide Rating Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box - it's just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements. Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn''t mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you''ll learn that EDR is not a magical black box - it''s just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements. |
| Imprint Name: | No Starch Press,US |
| Publisher Name: | No Starch Press,US |
| Country of Publication: | GB |
| Publishing Date: | 2023-10-31 |
