Veni, No Vidi, No Vici - Attacks on ETW Blind EDR Sensors
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a critical vulnerability in Event Tracing for Windows (ETW) that can render Endpoint Detection & Response (EDR) solutions ineffective in this 42-minute Black Hat conference talk. Delve into the intricacies of ETW, a built-in Windows feature originally designed for software diagnostics but now essential for EDR security. Understand how ETW's deep integration with the Windows kernel and involvement in numerous API calls makes it a prime target for malware attacks. Learn about the alarming discovery that malware countermeasures can disable ETW, potentially rendering an entire class of EDRs useless. Gain insights from security experts Andrey Golchikov, Igor Korkin, and Claudiu Teodorescu as they discuss the implications of this vulnerability and its impact on cybersecurity defenses.
Syllabus
Veni, No Vidi, No Vici: Attacks on ETW Blind EDR Sensors
Taught by
Black Hat
Related Courses
Kernel Exploit Hunting and MitigationHack In The Box Security Conference via YouTube HARES - Hardened Anti Reverse Engineering System
SyScan360 via YouTube Discovering 20 Year Old Vulnerabilities in Modern Windows Kernel
Black Hat via YouTube Function Overrides - From a Security Mitigation to a Full-Fledged Performance Feature
Recon Conference via YouTube Social Engineering the Windows Kernel - Finding and Exploiting Token Handling Vulnerabilities
Black Hat via YouTube