Hoang Bui: Bypass EDR’s Memory Protection, Introduction to Hooking Rui Reis (fdiskyou): Windows Kernel Ps Callbacks Experiments William Burgess: Red Teaming in the EDR AgeīatSec: Universally Evading Sysmon and ETW How to disable process, threads and image-loading detection callbacks Jackson T: A Guide to Reversing and Evading EDRsĬrike圜on 2019 - Reversing & bypassing EDRs If you are interested to go deeper, be sure to check out the following research (in no particular order): Below are some write-ups and talks that really helped me gain the understanding needed and hit the ground running on the research that will be presented here. My understanding of EDRs would not be possible without the help of many great security researchers.
