Skip to main content
back to agenda
on this page

Case Study: Defeating a modern EDR

  • 17:00
  • Wed
  • 15 Nov
Briefing Stage 2
Sponsored Session


When executing red teaming engagements, capabilities are required to evade detection controls such as an EDR. Outflank Security Tooling (OST) offers advanced offensive R&D and sophisticated evasion options.

Modern day EDRs correlate various telemetry sources to identify possible malware behaviour. Certain remote process injection techniques, such as queueing APCs, are more easily detected by EDRs with enhancements in Windows (TI-ETW). Fortunately, the kernel-land vs user-land battle has not been lost - it just requires more effort and preparation.

In this talk, we will dive into research and technical details of evasion in relation to process injection.