This has to be one of my favorite EDR resources after Evading EDR by Matt Hand.
https://blog.deeb.ch/posts/how-edr-works/
#edr #ThreatHunting
https://www.cyclingeu.com/661559/pidcock-wins-on-mtb-return-in-andorra-with-epic-comeback-ride-%f0%9f%94%a5-the-b-line-uci-xco-world-cup/ Pidcock wins on MTB return in Andorra with EPIC comeback ride | The B Line – UCI XCO World Cup ##xcm #Andorra #Bicycling #Biking #BikingAndorra #CrossCountry #CrossCountryMarathon #CrossCountryMountainBiking #Cycling #DHI #downhill #DownhillMountainBiking #EBikes #EBiking #EEDR #EDR #enduro #EnduroWorldSeries #MountainBiking #MTB #MTBRacing #racing #UCI #UCIMTBWorldSeries #UciWorldCup #WorldCup #WorldSeries #XCC #XCO
What is the best EDR for a limited budget?
I manage a company with about 110 endpoints, we would like to consider taking a leap and improving our security by considering the purchase of an EDR.
We currently use a simple antivirus, Kaspersky Internet Security with patch management
https://www.cyclingeu.com/610777/2025-downhill-season-returns-with-a-bang-in-bielsko-biala-the-b-line-uci-downhill-world-cup-recap/ 2025 Downhill season returns with a BANG in Bielsko-Biała | The B Line UCI Downhill World Cup RECAP! ##xcm #Bicycling #Biking #BikingPoland #CrossCountry #CrossCountryMarathon #CrossCountryMountainBiking #Cycling #DHI #downhill #DownhillMountainBiking #EBikes #EBiking #EEDR #EDR #enduro #EnduroWorldSeries #MountainBiking #MTB #MTBRacing #poland #racing #UCI #UCIMTBWorldSeries #UciWorldCup #WorldCup #WorldSeries #XCC #XCO
2025 Ransomware Trends You Need to Know
Ransomware isn’t slowing down—in fact, it’s evolving faster than ever in 2025. Watch our new video for details on ransomware trends, including:
AI-powered ransomware that evolves faster than defenders can keep up
A surge in rookie attackers using leaked playbooks and dark web kits
The 2025 must-have proactive prevention strategies
Watch now for the details! https://youtu.be/r4_ePm3swE0
#Ransomware crews add '#EDR killers' to their arsenal – and some aren't even malware
Criminals are disabling #security tools early in attacks, Talos says
Ransomware crews are increasingly using programs like #EDRSilencer, #EDRSandblast, #EDRKillShifter, and Terminator to either modify or completely disable endpoint detection and response (EDR) products.
https://www.theregister.com/2025/03/31/ransomware_crews_edr_killers/
New "Bring Your Own Installer" #EDR bypass used in #ransomware attack
New 'Bring Your Own Installer (#BYOI)' technique allows bypassing #EDR
https://securityaffairs.com/177494/hacking/new-bring-your-own-installer-byoi-technique-allows-to-bypass-edr.html
#securityaffairs #hacking
EDR-as-a-Service makes the headlines in the cybercrime landscape – Source: securityaffairs.com https://ciso2ciso.com/edr-as-a-service-makes-the-headlines-in-the-cybercrime-landscape-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #EmergencyDataRequests #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #hackingnews #CyberCrime #Cybercrime #DataBreach #Security #hacking #Malware #EDR
#EDR-as-a-Service makes the headlines in the #cybercrime landscape
https://securityaffairs.com/176266/cyber-crime/edr-as-a-service-edr-cybercrime.html
#securityaffairs #hacking
https://www.cyclingeu.com/568689/denmark-downhill-donny-filmed-and-edited-by-brokenphotograpy/ DENMARK DOWNHILL DONNY || FILMED AND EDITED BY BROKENPHOTOGRAPY #AIR #Bicycling #Bike #Biking #BikingDenmark #cannondale #Cycling #Denmark #dh #downhill #edit #EDR #enduro #habit #lt #MountainBiking #MTB #race #RAW #rockshox #suspension #UCI #Viral #vivid #zeb
#Cybersecurity #Schwachstelle #IoT devices: A rather adventurous story of an Akira #Ransomware attack shows that Endpoint Detection and Response (#EDR) does not always help when there are largely unprotected entry points elsewhere in the corporate network, right down to what may at first glance look like a harmless webcam. That is why network segmentation makes sense:
#Akira #ransomware gang used an unsecured webcam to bypass #EDR
https://securityaffairs.com/175103/cyber-crime/akira-ransomware-gang-used-unsecured-webcam-bypass-edr.html
#securityaffairs #hacking #malware
The Akira #ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response #EDR, which was blocking the encryptor in Windows.
The Key to COMpromise - Pwning AVs and EDRs by Hijacking COM Interfaces, Part 1, 2 and 3:
https://neodyme.io/en/blog/com_hijacking_1/
https://neodyme.io/en/blog/com_hijacking_2/
https://neodyme.io/en/blog/com_hijacking_3/#vulnerability-1-leveraging-file-deletion-for-lpe
Question for the group:
Has any of you (or anyone you know) rolled out an endpoint protection or EDR product at your company in the last few years (e.g. Jamf Protect, Microsoft Defender for Business or similar)?
Roughly how long did it take (including the data protection and IT security reviews)?
I would be grateful for a few experiences from Switzerland and the EU.
I just learned SANS put out some new research papers on December 5th. Looking forward to reading "Never Trust, Always Verify: Effectiveness of Endpoint Detection and Response Tools Versus Zero Trust Endpoint Controls in Enterprise Environments"
Windows Firewall and WFP are only two ways to silence an EDR agent.
In my latest blog post I discuss another network based technique to prevent data ingest and ways to detect it.
https://cloudbrothers.info/en/edr-silencers-exploring-methods-block-edr-communication-part-1/
And if you want even more, check out part 2 released by @cyb3rmonk. Link in the post.
Last talk before the afternoon break, and third-last talk of this @hack_lu #hacklu2024 is Hilko Bengen with “Detection and response for Linux without #EDR” @hillu