Watch the stream
Endpoint Detection & Response (EDR) tools are becoming more and more sophisticated, requiring attackers (both good & evil) to work ever harder to subvert them. This talk will address the architecture of EDR solutions (with a focus on kernel-mode components), the various sources of telemetry, and how an attacker can leverage 3rd-party vulnerable drivers to blind an EDR agent. The audience should walk away with a deeper understanding of the inner workings, capabilities, and limitations of market-leading EDR tools.