Series: A Journey in EDR-land

The series will cover the building blocks of EDR, various ways to collect data, analysis and detection methods, and how to evade them.
Session 1: EDR Fundamentals
Topics to be covered
1. What is an EDR
2. Building blocks of EDR
3. Common EDR features
4. Process events
4.1 Common event sources
4.1.1 Linux Audit Subsystem
4.1.2 eBPF
4.1.3 System call tracepoints
4.2 Process event metadata
5. Common detection mechanisms
5.1 Command line
5.2 Process tree
6. Evasion from process event detection
6.1 Spoofing ELF file name
6.2 Poisoning the command line
6.3 Poisoning the process tree

Speakers: Adhokshaj Mishra, Siddharth Sharma
Intro: Mishra Ji is a renowned Researcher and Speaker In Malware and Reverse Engineering field, Sharma Ji also comes from the same field and is well versed in Reverse engineering in Various Languages.

Time: 1-1.5 hr
Time: Jul 31, 2021 04:00 PM Mumbai, Kolkata, New Delhi
Every month on the Last Sat, 4 occurrence(s)
Jul 31, 2021 04:00 PM
Aug 28, 2021 04:00 PM
Sep 25, 2021 04:00 PM
Oct 30, 2021 04:00 PM

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [235.36 KB]