Defeating Next-Gen AV and EDR: Using Old (And New) Tricks on New Dogs

DerbyCon 9.0 - Finish Line

Presented by: Steve Eisen (Rum Twinkies), Nick Lehman (Graph-X)
Date: Friday September 06, 2019
Time: 15:00 - 15:45
Location: Track 2

Next-Gen AV and EDR are the new hotness on the scene this year. They promise to put the bad guys and the red team in their place through increased endpoint detection and response. What they still don't do well, and what even traditional AV has long struggled with, is self-protection. This talk will go into the ways in which next-gen AV and EDR (Cylance, Crowdstrike, Carbon Black, Defender ATP) can be defeated using simple tricks that have worked against AV for decades. Rather than attempt to hide from them, attacking them head on through gaps in their self-protection mechanisms seems to be the best bang for the buck.

Nick Lehman

Steve is an IR and threat hunting specialist, working for <insert company here>. His turn ons include IOCs, fileless malware samples, C++ and gandalf sax guy 10 hour Youtube jams. His turn offs: People who don't hold doors, lactose, and Perl.

Steve Eisen

Nick is an offensive security professional working for <insert company here>. In his spare time he is a casual CS:GO try-hard. Turn ons include: RCE, LFI, TLAs and over-privileged accounts. Turn offs include: feet, undocumented APIs, and NDAs.

