Using Minifilters to Disable EDR Systems - A Kernel-Based Attack Technique
Security BSides London via YouTube
Learn EDR Internals: Research & Development From The Masters
Start speaking a new language. It’s just 3 weeks away.
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Watch a 40-minute Security BSides London conference talk exploring advanced offensive security techniques using minifilters to bypass and disable Endpoint Detection and Response (EDR) systems. Learn about EDR architecture fundamentals and components before diving into common minifilter abuse methods for evading file system monitoring. Discover a novel technique for completely disabling EDR agents by preventing access to critical resources through PreOperation callback registration, including detailed kernel-level concepts and implementation steps. Compare the effectiveness of different minifilter exploitation approaches for concealing malicious activities and indicators of compromise. Examine defensive strategies, potential countermeasures, and methods for detecting and mitigating minifilter-based attacks. Conclude with key insights into this sophisticated offensive security approach and participate in an interactive Q&A discussion.
Syllabus
When The Hunter Becomes The Hunted: Using Minifilters To Disable EDRs - Tom Philippe
Taught by
Security BSides London