How to Defeat EDRs in Usermode

Offered By: Hack In The Box Security Conference via YouTube

Course Description

Overview

Explore advanced techniques for bypassing Endpoint Detection and Response (EDR) systems in usermode during this 56-minute conference talk from the Hack In The Box Security Conference. Learn how defensive solutions have evolved over time and discover various EDR bypass methods, including PID spoofing, DLL blocking, userland unhooking, syscalls, and manual mapping. Watch as Jean-François demonstrates these bypasses using a custom-built EDR and C# with the D/Invoke framework, while emphasizing that the principles can be applied to other programming languages. In the second half, Alessandro presents his tool, Inceptor, which incorporates knowledge from previous presentations to bypass modern defenses in multiple languages with built-in obfuscation methods. Gain insights from two experienced security professionals, Alessandro Magnosi and Jean-François Maes, as they share their expertise and inspire attendees to learn from conferences and develop innovative cybersecurity solutions.

Syllabus

#HITBCW2021 D2 - How To Defeat EDRs In Usermode - Alessandro Magnosi & Jean Francois Maes


Taught by

Hack In The Box Security Conference
