2025-10-31, Main Hall
If you listen to any of the major Endpoint Detection and Response (EDR) vendors, they all claim that their software uses the latest next-generation AI, which will stop adversaries in their tracks using real-time cloud-based threat intelligence. If you just download their tool, you'll be safe from 90% of attacks!
But when we peek behind the curtain with the buzzwords written all over it, just how effective are these tools? Like a ghost in a haunted house, can we cause mayhem and mischief without being seen?
When an attacker carries out an attack, there are a number of common steps that are frequently observed, for example:
* Gaining initial access
* Escalating privileges
* Maintaining access
* Moving laterally within a network
* Gaining access to and extracting sensitive data
In this talk, we will run through specific examples of these techniques and see what is detected by EDR software. We'll then combine those techniques and see if it is possible to create attack chains which allow us to achieve our goals without alerting any ghost hunters.
By the end of this talk, you’ll have an appreciation for the types of techniques which can be used to bypass EDR tools, and where the gaps in these tools are, so that additional protections can be put in place.
Jess has been working as a professional pentester for 13 years, and is one of the co-founders of Pākiki Security. She grew up in Christchurch but now lives in Wellington.
In her spare time, she enjoys reading, dancing, going for bush walks, or just hopping in the car and driving wherever the dopamine takes her.