EDR demystified! Stay a step ahead of attackers with this comprehensive guide to understanding
the attack-detection software running on Microsoft systems—and how to evade it. Nearly every
enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their
network for signs of an attack. But that doesn't mean security defenders grasp how these
systems actually work. This book demystifies EDR taking you on a deep dive into how EDRs
detect adversary activity. Chapter by chapter you’ll learn that EDR is not a magical black
box—it’s just a complex software application built around a few easy-to-understand components.
The author uses his years of experience as a red team operator to investigate each of the most
common sensor components discussing their purpose explaining their implementation and
showing the ways they collect various data points from the Microsoft operating system. In
addition to covering the theory behind designing an effective EDR each chapter also reveals
documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.
