Language: English
10-30, 11:00–11:50 (Canada/Eastern), Track 2
This talk covers some of the tricks and tools that can be used to successfully perform a red team engagement in a world where the EDR will do everything to stop you.
It covers techniques that can be used to defeat the EDR in place, hide from it, or simply ensure that your actions are not monitored by the solution in place.
From abusing the TrustedInstaller privilege to re-implementing your own LoadLibrary, we will understand how current techniques can be adapted to avoid detection in a real-world red team scenario.
Get ready to do some assembly, understand Windows internals, and understand what we are facing as red teamers.
No user-mode hooking, ETW or kernel callback will be able to stop you.
Charles Hamilton is a Red Teamer with more than ten years of experience delivering offensive testing services for various government clients and commercial verticals. In recent years, Charles has focused on covert Red Team operations against complex and secured environments. These operations have allowed him to hone his craft at quietly navigating a client's network without detection. Since 2014, he has been the founder and operator of the RingZer0 Team website, a platform focused on teaching hacking fundamentals. The RingZer0 community currently has more than 40,000 members worldwide. Charles is also a prolific toolsmith and speaker in the InfoSec industry under the handle Mr.Un1k0d3r.