Evading EDR

Author: Matt Hand

Product details

  • ISBN 9781718503342
  • Dimensions: 178 x 235mm
  • Publication Date: 31 Oct 2023
  • Publisher: No Starch Press, US
  • Publication City/Country: US
  • Product Form: Paperback
  • Language: English
Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box - it's just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.
Matt Hand is an experienced red team operator with over a decade of experience. His primary areas of focus are in vulnerability research and EDR evasion where he spends a large amount of time conducting independent research, developing tooling, and publishing content. Matt is currently a Service Architect at SpecterOps where he focuses on improving the technical and execution capabilities of the Adversary Simulation team, as well as serving as a subject matter expert on evasion tradecraft.