Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems (Paperback)
暫譯: 迴避 EDR:擊敗端點偵測系統的終極指南(平裝本)
Hand, Matt
- 出版商: No Starch Press
- 出版日期: 2023-10-31
- 定價: $2,190
- 售價: 8.8 折 $1,927
- 語言: 英文
- 頁數: 312
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1718503342
- ISBN-13: 9781718503342
-
相關分類:
資訊安全、駭客 Hack
立即出貨 (庫存 < 3)
買這商品的人也買了...
-
Fuzzing: Brute Force Vulnerability Discovery (Paperback)$2,390$2,271 -
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (Paperback)$2,240$2,128 -
Binary Hacks -- 駭客秘傳技巧一百招$580$458 -
$908惡意代碼分析實戰 -
$1,540Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly (Paperback) -
$1,540Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats -
The Ghidra Book: The Definitive Guide (Paperback)$2,180$2,071 -
黑客之道 : 漏洞發掘的藝術, 2/e (Hacking: The Art of Exploitation, 2/e)$714$678 -
CTF 特訓營:技術詳解、解題方法與競賽技巧$534$507 -
$505風控要略 — 因特網業務反欺詐之路 -
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9/e (Paperback)$2,860$2,717 -
Practical Linux Forensics: A Guide for Digital Investigators (Paperback)$2,210$2,100 -
計算機組成原理:作業系統概論Ⅰ$560$437 -
Rootkit 和 Bootkit:現代惡意軟件逆向分析和下一代威脅$774$735 -
計算機組成原理:作業系統概論Ⅱ$600$468 -
Learn Enough JavaScript to Be Dangerous: A Tutorial Introduction to Programming with JavaScript$1,580$1,501 -
計算機組成原理:基礎知識揭密, 2/e$520$406 -
C++20 高級編程$654$621 -
$509內網滲透體系建設 -
操作系統:原理與實現$714$678 -
Learn Enough Python to Be Dangerous: Software Development, Flask Web Apps, and Beginning Data Science with Python (Paperback)$1,580$1,501 -
Windows APT Warfare:惡意程式前線戰術指南, 2/e$650$507 -
一本精通 - Python 範例應用大全:Python 詳細語法教學 & 100+ 個 Python 範例$880$695 -
從異世界歸來發現只剩自己不會 Kubernetes:初心者進入雲端世界的實戰攻略!(iThome鐵人賽系列書)【軟精裝】$720$562 -
$1,892Windows Security Internals: A Deep Dive Into Windows Authentication, Authorization, and Auditing (Paperback)
商品描述
EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems--and how to evade it.
Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box--it's just a complex software application built around a few easy-to-understand components.
The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.
商品描述(中文翻譯)
**EDR,揭開神秘面紗!透過這本全面指南,了解在 Microsoft 系統上運行的攻擊檢測軟體,並保持在攻擊者之前一步。**
幾乎每個企業都使用端點檢測與回應(Endpoint Detection and Response, EDR)代理程式來監控其網路上的設備,以尋找攻擊跡象。但這並不意味著安全防禦者了解這些系統的實際運作方式。本書揭開 EDR 的神秘面紗,深入探討 EDR 如何檢測對手活動。逐章學習後,你將明白 EDR 不是一個神奇的黑盒子——它只是一個圍繞幾個易於理解的組件構建的複雜軟體應用程式。
作者利用他作為紅隊操作員的多年經驗,調查每個最常見的感測器組件,討論其目的,解釋其實現方式,並展示它們如何從 Microsoft 作業系統收集各種數據點。除了涵蓋設計有效 EDR 的理論外,每章還揭示了紅隊成員在其任務中可以使用的繞過 EDR 的已記錄規避策略。
作者簡介
Matt Hand is an experienced red team operator with over a decade of experience. His primary areas of focus are in vulnerability research and EDR evasion where he spends a large amount of time conducting independent research, developing tooling, and publishing content. Matt is currently a Service Architect at SpecterOps where he focuses on improving the technical and execution capabilities of the Adversary Simulation team, as well as serving as a subject matter expert on evasion tradecraft.
作者簡介(中文翻譯)
**Matt Hand** 是一位擁有超過十年經驗的紅隊操作員。他的主要專注領域是漏洞研究和EDR(端點偵測與回應)規避,他花了大量時間進行獨立研究、開發工具和發佈內容。Matt 目前在 SpecterOps 擔任服務架構師,專注於提升對手模擬團隊的技術和執行能力,同時擔任規避技術的主題專家。
