Red Team Road Rage: Weaponizing Vulnerable Drivers to Blind EDR

May 15 01:00 PM EDT

Talks will be streamed on YouTube and Twitch for free.


Endpoint Detection & Response (EDR) tools are becoming more and more sophisticated, requiring attackers (both good & evil) to work ever harder to subvert them. This talk will address the architecture of EDR solutions (with a focus on kernel-mode components), the various sources of telemetry, and how an attacker can leverage 3rd-party vulnerable drivers to blind an EDR agent. The audience should walk away with a deeper understanding of the inner workings, capabilities, and limitations of market-leading EDR tools.


Jake Mayhew, White Knight Labs

Jake Mayhew is an experienced information security professional who currently serves as the technical lead for the offensive security team at UPMC. Before serving on an internal red team, he spent several years in consulting delivering security tests for clients in finance, healthcare, retail, critical infrastructure/nuclear energy, and law. He holds the OSCE3 (OSED, OSWE, OSEP), OSCP, CRTO, and OSDA certifications and loves to assist others in their cybersecurity learning path. Jake is one of the founding members of Applied Technology Academy's Asymmetric Training Group (ATG), and has a passion for sharing real-world knowledge and cutting-edge solutions with his students. Jake has led & co-led offensive security trainings including the PEN-200 OSCP training at BlackHat USA.