Defeating Next-Gen AV and EDR Using Old Tricks On New Dogs

Presented at THOTCON 0xA (2019), May 3, 2019, 1 p.m. (50 minutes)

Next-Gen AV and EDR are the new hotness on the scene this year. They promise to put the bad guys and the red team in their place through increased endpoint detection and response. What they don't do well, and what even traditional AV has had issues with, is self-protection. This talk will go into the ways in which next-gen AV such as Cylance Protect and EDR like Windows Defender ATP can be defeated using simple tricks that have worked against AV for decades. Rather than attempting to hide from them, attacking them head-on through gaps in their self-protection mechanisms seems to be the best bang for the buck.


Presenters:

  • Nick Lehman
    Steve and Nick come from a long line of Steves and Nicks, respectively. They enjoy candlelit dinners and bios longer than 140 characters.
  • Steve Eisen
    Steve and Nick come from a long line of Steves and Nicks, respectively. They enjoy candlelit dinners and bios longer than 140 characters.
