Description

Book Synopsis
Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box - it's just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.

Trade Review
"A great book for red and blue [people]! It is a great resource for anyone who wants to learn more about how EDRs work and Windows internals with a security perspective."
—Olaf Hartong, @olafhartong, researcher at FalconForce

"If you spend any time around EDR's, or are just interested in how they work... this book is an invaluable addition to your collection."
Adam Chester, @_xpn_, RedTeamer at TrustedSec

"A masterclass in understanding EDR internals...a very relevant handbook for both attackers and defenders to learn about the strengths, but also limitations and blind spots of EDR software."
—Arris Huijgen, @bitsadmin

Table of Contents
Introduction
Chapter 1: EDR-chitecture
Chapter 2: Function-Hooking DLLs
Chapter 3: Thread and Process Notifications
Chapter 4: Object Notifications
Chapter 5: Image-Load and Registry Notifications
Chapter 6: Minifilters
Chapter 7: Network Filter Drivers
Chapter 8: Event Tracing for Windows
Chapter 9: Scanners
Chapter 10: Anti-Malware Scan Interface
Chapter 11: Early Launch Anti-Malware Drivers
Chapter 12: Microsoft-Windows-Threat-Intelligence
Chapter 13: A Detection-Aware Attack
Appendix

Evading Edr: The Definitive Guide to Defeating

    Product form

    £42.74

    Includes FREE delivery

    RRP £56.99 – you save £14.25 (25%)

    Order before 4pm today for delivery by Wed 1 Jul 2026.

    A Paperback / softback by Matt Hand

    1 in stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of Evading Edr: The Definitive Guide to Defeating by Matt Hand

      Publisher: No Starch Press,US
      Publication Date: 31/10/2023
      ISBN13: 9781718503342, 978-1718503342
      ISBN10: 1718503342
      Also in:
      Computing Computer programming / software engineering

      Description

      Book Synopsis
      Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you'll learn that EDR is not a magical black box - it's just a complex software application built around a few easy-to-understand components. The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.

      Trade Review
      "A great book for red and blue [people]! It is a great resource for anyone who wants to learn more about how EDRs work and Windows internals with a security perspective."
      —Olaf Hartong, @olafhartong, researcher at FalconForce

      "If you spend any time around EDR's, or are just interested in how they work... this book is an invaluable addition to your collection."
      Adam Chester, @_xpn_, RedTeamer at TrustedSec

      "A masterclass in understanding EDR internals...a very relevant handbook for both attackers and defenders to learn about the strengths, but also limitations and blind spots of EDR software."
      —Arris Huijgen, @bitsadmin

      Table of Contents
      Introduction
      Chapter 1: EDR-chitecture
      Chapter 2: Function-Hooking DLLs
      Chapter 3: Thread and Process Notifications
      Chapter 4: Object Notifications
      Chapter 5: Image-Load and Registry Notifications
      Chapter 6: Minifilters
      Chapter 7: Network Filter Drivers
      Chapter 8: Event Tracing for Windows
      Chapter 9: Scanners
      Chapter 10: Anti-Malware Scan Interface
      Chapter 11: Early Launch Anti-Malware Drivers
      Chapter 12: Microsoft-Windows-Threat-Intelligence
      Chapter 13: A Detection-Aware Attack
      Appendix

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account