#Hacktivity2022 // Practical EDR Bypass Methods in 2022 by István Tóth

AV/EDR bypass is always a pain point but a must have of Red Team operations. In this presentation we’ll try to understand how modern EDRs try to detect malicious activities, what are their common methodologies, and we’ll see how Red Teams (and Threat Actors) could bypass these. I’ll show a couple of practical techniques working against current EDR softwares, and present how these techniques could be integrated into Red Teams’ favorite C2 framework (Cobalt Strike) for making operators’ life easier. I’ll also present an attack chain from initial compromise (partly stolen from ongoing attacks in the wild) using a stealthy staging technique, this time with the new hotness: the open source C2 Sliver. https://www.hacktivity.com

Silent Intruders: Dissecting EDR Bypass Strategies in APT Attacks - by Chao Wei-Chieh
▶︎

Silent Intruders: Dissecting EDR Bypass Strategies in APT Attacks - by Chao Wei-Chieh

DEF CON 32 - Defeating EDR Evading Malware with Memory Forensics - Case, Sellers, Richard, et al.
▶︎

DEF CON 32 - Defeating EDR Evading Malware with Memory Forensics - Case, Sellers, Richard, et al.

TR19: Fun with LDAP and Kerberos: Attacking AD from non-Windows machines
▶︎

TR19: Fun with LDAP and Kerberos: Attacking AD from non-Windows machines

DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini
▶︎

DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini

Keynote: Cobalt Strike Threat Hunting | Chad Tilbury
▶︎

Keynote: Cobalt Strike Threat Hunting | Chad Tilbury

Jfrog | Jfrog Artifactory | Jfrog Artifactory Tutorial | Artifactory Tutorial | Intellipaat
▶︎

Jfrog | Jfrog Artifactory | Jfrog Artifactory Tutorial | Artifactory Tutorial | Intellipaat

#HITB2022SIN EDR Evasion Primer For Red Teamers - Jorge Gimenez & Karsten Nohl
▶︎

#HITB2022SIN EDR Evasion Primer For Red Teamers - Jorge Gimenez & Karsten Nohl

The World's Most Important Machine
▶︎

The World's Most Important Machine

Develop Your Own RAT: EDR + AV Defense by Dobin Rutishauser
▶︎

Develop Your Own RAT: EDR + AV Defense by Dobin Rutishauser

VHDL LS: A Free and Open Source Language Server for VHDL (Lukas Scheller)
▶︎

VHDL LS: A Free and Open Source Language Server for VHDL (Lukas Scheller)

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox
▶︎

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

Using NMAP Like a Red Team Operator (OPSEC Matters!)
▶︎

Using NMAP Like a Red Team Operator (OPSEC Matters!)

Real-Time WebSockets Course | Build a Live Sports Dashboard with Node.js & PostgreSQL
▶︎

Real-Time WebSockets Course | Build a Live Sports Dashboard with Node.js & PostgreSQL

Cloud-native Postgres observability: from client apps to underlying cloud resources / Peter Zaitsev
▶︎

Cloud-native Postgres observability: from client apps to underlying cloud resources / Peter Zaitsev

Cybersecurity Architecture: Networks
▶︎

Cybersecurity Architecture: Networks

CrikeyCon 2019 - Christopher Vella - Reversing & bypassing EDRs
▶︎

CrikeyCon 2019 - Christopher Vella - Reversing & bypassing EDRs

ATT&CK Deep Dive: Process Injection
▶︎

ATT&CK Deep Dive: Process Injection

How Kent Beck shapes the software engineering industry
▶︎

How Kent Beck shapes the software engineering industry

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

11. Evasion in Depth - Techniques Across the Kill-Chain by Mariusz Banach
▶︎

11. Evasion in Depth - Techniques Across the Kill-Chain by Mariusz Banach