Case Study: Defeating a modern EDR

Wed 15 Nov, 17:00, Briefing Stage 2
When executing red teaming engagements, capabilities are required to evade detection controls such as an EDR. Outflank Security Tooling (OST) offers advanced offensive R&D and sophisticated evasion options.

Modern EDRs correlate telemetry from multiple sources to identify likely malicious behaviour. Certain remote process injection techniques, such as queueing APCs into another process, have become easier for EDRs to detect thanks to kernel-side enhancements in Windows, notably the Microsoft-Windows-Threat-Intelligence ETW provider (TI-ETW), which reports cross-process operations from the kernel to subscribed security products regardless of how the user-mode API was reached. Fortunately, the kernel-land vs user-land battle has not been lost; it just requires more effort and preparation.

In this talk, we will dive into our research and the technical details of evasion in relation to process injection.