The series will cover building blocks of EDR, various ways to collect data, analysis and detection methods, and how to evade them.
Session 1: EDR Fundamentals
Topics to be covered
1. What is an #EDR
2. Building blocks of EDR
3. Common EDR features
4. Process events
4.1 Common event sources
4.1.1 #Linux Audit Subsystem
4.1.2 #eBPF
4.1.3 System call tracepoints
4.2 Process event metadata
5. Common detection mechanisms
5.1 Command line
5.2 Process tree
6. Evasion from process event detection
6.1 #Spoofing ELF file name
6.2 #Poisoning the command line
6.3 Poisoning the process tree
Speakers: Adhokshaj Mishra, Siddharth Sharma
Duration: 1-1.5 hr
Time: Jul 31, 2021 04:00 PM
Registration Link: https://vapra.shiksha/register-for-next-varta/
An initiative for #Cybersecurity Varta
We request you all to follow us on the following platforms for regular updates.
https://t.me/VapraShiksha (Central Node for all Info)
https://vapra.shiksha
http://facebook.com/VapraShiksha
http://twitter.com/VapraShiksha
https://www.linkedin.com/company/vaprashiksha
https://www.youtube.com/channel/UCSf6L2g-OL7jh0PMdUQjzbg