BSides Tallinn 2024

BSides Tallinn 2024

Jaanus Kääp

Jaanus Kääp is a seasoned security researcher at Clarified Security, bringing over a decade of expertise in security testing and research. He has uncovered vulnerabilities in a wide range of technologies, including web applications, document parsers, the Windows kernel and drivers, antivirus software, and hypervisors. Jaanus was recognized for his contributions to the field, appearing on the Microsoft Security Response Center's (MSRC) Most Valuable Security Researchers list for five consecutive years.

Currently, Jaanus is also focused on developing Tuoni, an advanced adversary emulation tool. One of his primary responsibilities is devising methods to circumvent Endpoint Detection and Response (EDR) systems.


Session

09-19
14:15
45min
No EDRs were harmed while making this talk
Jaanus Kääp

In this talk we'll explore how Red Teams can and do evade Endpoint Detection and Response (EDR) systems.

First, we'll look at how EDRs are set up and used in various environments. We'll break down their components and how they work & communicate. Next, we'll dive into common malware functionalities and the different ways EDRs internally try to detect them.

The main focus will be on the actual techniques used for avoiding detection and how they can be implemented. We'll cover how different detection scenarios are handled and also some more generic bypasses that still work against advanced EDR systems. We'll also have live demos to show these techniques in action if demo gods allow.

Workshops
Workshops