E-book
Author Hand, Matt, author

Title Evading EDR : sensors, telemetry, and how to bypass them / by Matt Hand
Published San Francisco, CA : No Starch Press, [2024]

Description 1 online resource
Contents EDR-chitecture -- Function-hooking DLLs -- Thread and process notifications -- Object notifications -- Image-load and registry notifications -- Minifilters -- Network filter drivers -- Event tracing for Windows -- Scanners -- Antimalware scan interface -- Early launch anti-malware drivers -- Microsoft-Windows-threat-intelligence -- A detection-aware attack
Summary "Introduces readers to the most common components of EDR systems, including function hooking, callback notifications, Event Tracing for Windows, and filesystem minifilters, by explaining how they are implemented and how they collect various data points. Covers documented evasion strategies for bypassing detections and describes how defenders might protect themselves"-- Provided by publisher
Bibliography Includes bibliographical references and index
Notes Description based on print version record and CIP data provided by publisher; resource not viewed
SUBJECT Microsoft Windows (Computer file) http://id.loc.gov/authorities/names/n88027331
Microsoft Windows (Computer file) fast (OCoLC)fst01367862
Subject Penetration testing (Computer security)
Intrusion detection systems (Computer security)
Computer security -- Computer programs
Computer networks -- Security measures -- Data processing
Operating systems (Computers) -- Protection
Form Electronic book
LC no. 2023016499
ISBN 1718503350
9781718503359
Other Titles Evading endpoint detection and response