#Hacktivity2022 // Practical EDR Bypass Methods in 2022 by István Tóth
AV/EDR bypass is always a pain point but a must have of Red Team operations. In this presentation we’ll try to understand how modern EDRs try to detect malicious activities, what are their common methodologies, and we’ll see how Red Teams (and Threat Actors) could bypass these. I’ll show a couple of practical techniques working against current EDR softwares, and present how these techniques could be integrated into Red Teams’ favorite C2 framework (Cobalt Strike) for making operators’ life easier. I’ll also present an attack chain from initial compromise (partly stolen from ongoing attacks in the wild) using a stealthy staging technique, this time with the new hotness: the open source C2 Sliver. https://www.hacktivity.com

▶︎
Silent Intruders: Dissecting EDR Bypass Strategies in APT Attacks - by Chao Wei-Chieh

▶︎
DEF CON 32 - Defeating EDR Evading Malware with Memory Forensics - Case, Sellers, Richard, et al.

▶︎
TR19: Fun with LDAP and Kerberos: Attacking AD from non-Windows machines

▶︎
DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini

▶︎
Keynote: Cobalt Strike Threat Hunting | Chad Tilbury

▶︎
Jfrog | Jfrog Artifactory | Jfrog Artifactory Tutorial | Artifactory Tutorial | Intellipaat

▶︎
#HITB2022SIN EDR Evasion Primer For Red Teamers - Jorge Gimenez & Karsten Nohl

▶︎
The World's Most Important Machine

▶︎
Develop Your Own RAT: EDR + AV Defense by Dobin Rutishauser

▶︎
VHDL LS: A Free and Open Source Language Server for VHDL (Lukas Scheller)

▶︎
DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

▶︎
Using NMAP Like a Red Team Operator (OPSEC Matters!)

▶︎
Real-Time WebSockets Course | Build a Live Sports Dashboard with Node.js & PostgreSQL

▶︎
Cloud-native Postgres observability: from client apps to underlying cloud resources / Peter Zaitsev

▶︎
Cybersecurity Architecture: Networks

▶︎
CrikeyCon 2019 - Christopher Vella - Reversing & bypassing EDRs

▶︎
ATT&CK Deep Dive: Process Injection

▶︎
How Kent Beck shapes the software engineering industry

▶︎
Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

▶︎
