|
|
EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems—and how to evade it.
揭秘EDR!通过这本全面的指南,了解在Microsoft系统上运行的攻击检测软件,以及如何规避它,让您在攻击者之前保持领先一步。
Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you’ll learn that EDR is not a magical black box—it’s just a complex software application built around a few easy-to-understand components.
几乎每家企业都会使用端点检测与响应(EDR)代理来监控其网络上的设备,寻找攻击迹象。但这并不意味着安全防御人员了解这些系统是如何实际运作的。本书将揭秘EDR,带您深入了解EDR是如何检测攻击者活动的。一章接一章,您将了解到,EDR并非神奇的黑箱——它只是围绕几个易于理解的组件构建的复杂软件应用程序。
The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.
作者凭借自己作为红队成员多年的经验,研究了最常见的传感器组件,讨论了它们的目的,解释了它们的实现方式,并展示了它们如何从Microsoft操作系统中收集各种数据点。除了介绍设计有效EDR背后的理论外,每一章还揭示了红队成员在其行动中可以用来绕过EDR的已记录规避策略。
|
|
发表于 2024-10-18 14:06:51
