Christopher Vella will be presenting his talk on EDR Internals and Bypasses at Nullcon Goa 2019. Christopher is a consultant at Context Information Security, where he writes offensive tools for Windows and hunts for vulnerabilities in corporate environments and ICS/SCADA systems.
Join Christopher as he reverse engineers an EDR product and the Windows kernel to unveil the product's inner workings, alongside the Windows kernel structures and functions EDR products rely on to operate. In doing so, he discovers weaknesses and gaps in their protections that allow actors to bypass the product’s defenses, rendering them null&void. Finally, by abusing an identified weakness, he will use a custom-built mimikatz to dump all the hashes on a machine protected by EDR.
Founded in 2010, Nullcon was launched to provide an integrated platform for sharing information on the latest attack vectors, zero-day vulnerabilities and unknown threats. The event is known for its motto 'The neXt security thing!', and gives experts and security researchers a chance to discuss the future of information security.
Find out more about the event here.