all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Kernel Karnage: Patching EDR in Kernel Space

Add to bookmarks
Jan. 24, 2023, 3:45 p.m. | SANS Offensive Operations

SANS Offensive Operations www.youtube.com

SANS PenTest HackFest 2022

Speaker: Sander Forrer, Red Teamer, NVISO

Over time, EDR products have progressed from using techniques in user space to transitioning into kernel space by bringing a kernel component and leveraging kernel callbacks. These kernel callbacks allow EDRs to remain effective even when various bypass methods are used such as unhooking, direct syscalls and more.

This talk will show how these kernel callbacks can be located and manipulated in memory using a malicious kernel driver. We’ll showcase …

bypass edr edrs hackfest kernel memory nviso patching pentest products sans space syscalls techniques

Visit resource

More from www.youtube.com / SANS Offensive Operations

Mastering Adversary Emulation with Caldera: A Practical Guide 2 months, 2 weeks ago | www.youtube.com
adversary adversary emulation application bolster +16
The Second Rule of Hacking: There Are No Rules 2 months, 2 weeks ago | www.youtube.com
attacks block businesses cat +13
From Pentest to Red Team: Overview of The Necessary Skills and Breakdown of Frameworks 2 months, 2 weeks ago | www.youtube.com
dave frameworks guide informative +10
OT Pen-testing: How Not to Sink an Oil Rig 2 months, 2 weeks ago | www.youtube.com
adversary adversary emulation application bolster +19
Fortifying Resilience: An In-Depth Exploration of the Overall Product Security Assessment Poster 2 months, 2 weeks ago | www.youtube.com
assessment attacks author course +16
SANS Pen Test 2024: A Sneak Peek Into All That's in Store! 3 months ago | www.youtube.com
austin cybersecurity cybersecurity innovation cybersecurity training +20
SANS Pen Test 2024: A Sneak Peek Into All That's in Store! 3 months, 1 week ago | www.youtube.com
austin cybersecurity cybersecurity innovation cybersecurity training +20
Learn About SEC565: Red Team Operations and Adversary Emulation 4 months ago | www.youtube.com
adversary adversary emulation course emulation +21
A Compendium of Exploits and Bypasses for eBPF-based Cloud Security 5 months, 2 weeks ago | www.youtube.com
basic cloud cloud security ebpf +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com