Defeating Next-Gen AV and EDR Using Old Tricks On New Dogs

Presented at THOTCON 0xA (2019), May 3, 2019, 1 p.m. (50 minutes).

Next-Gen AV and EDR are the new hotness on the scene this year. They promise to put the bad guys and the red team in their place through increased endpoint detection and response. What they don't do that even traditional AV has had issues with is self-protection. This talk will go into the ways in which next-gen AV such as Cylance Protect and EDR like Windows Defender ATP can be defeated using simple tricks that have worked against AV for decades. Rather than attempt to hide from them, attacking them head on through gaps in self-protection mechanisms seems to be the best bang for the buck.


Presenters:

  • Steve Eisen
    Steve and Nick come from a long line of Steve's and Nick's respectively. They enjoy candlelit dinners, and bios longer than 140 characters.
  • Nick Lehman
    Steve and Nick come from a long line of Steve's and Nick's respectively. They enjoy candlelit dinners, and bios longer than 140 characters.

Similar Presentations: