Kernel Karnage: Patching EDR in Kernel Space
Jan. 24, 2023, 3:45 p.m. | SANS Offensive Operations
SANS Offensive Operations www.youtube.com
Speaker: Sander Forrer, Red Teamer, NVISO
Over time, EDR products have progressed from using techniques in user space to transitioning into kernel space by bringing a kernel component and leveraging kernel callbacks. These kernel callbacks allow EDRs to remain effective even when various bypass methods are used, such as unhooking, direct syscalls and more.
This talk will show how these kernel callbacks can be located and manipulated in memory using a malicious kernel driver. We’ll showcase …