Master of Puppets: How to tamper the EDR?

Recordings

https://www.youtube.com/watch?v=ZIxE_wHwA84


Slides

/files/slides/001_02-ET3X3H-Master of Puppets- How to tamper the EDR.pdf


Abstract

Even with admin privileges, an EDR product on Windows can be very annoying from a red team perspective. Therefore we search for ways to disable the EDR without relying on an uninstall password, the Windows Security Center, etc.

Daniel Feichter

Daniel Feichter has worked for several years as a red teamer and penetration tester in Austria. His focus is on Windows environment red teaming, pentesting and research. Among other things, he is intensively engaged with AV/EDR systems on Windows. At the end of 2021 he decided to start his own company, Infosec Tirol (https://www.infosec.tirol), with which he focuses on product-independent offensive security services to improve IT security in companies in Austria.