Kernel Karnage: Patching EDR in Kernel Space
Jan. 24, 2023, 3:45 p.m. | SANS Offensive Operations
Speaker: Sander Forrer, Red Teamer, NVISO
Over time, EDR products have progressed from user-space techniques into kernel space by shipping a kernel component and leveraging kernel callbacks. These kernel callbacks allow EDRs to remain effective even when various bypass methods are used, such as unhooking, direct syscalls and more.
This talk will show how these kernel callbacks can be located and manipulated in memory using a malicious kernel driver. We’ll showcase …