2022-10-30, 11:00–11:50, Track 2
This talk covers some of the tricks and tools that can be used to successfully perform a red team engagement in a world where the EDR will do everything to stop you.
It walks through some interesting techniques that can be used to defeat the EDR in place, hide from it, or simply ensure that your actions are not monitored by the solution in place.
From abusing the TrustedInstaller privilege to re-implementing your own LoadLibrary, we will see how current techniques can be adapted to avoid detection in a real-world red team scenario.
Get ready to do some assembly, dig into Windows internals, and understand what we are facing as red teamers.
No user-mode hooking, ETW, or kernel callback will be able to stop you.