2024/05/27

Book review ‘Evading EDR’

Rating: ★★★★★ (5 of 5 stars)

‘Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems’ is absolutely awesome. The book does a deep dive into the world of EDR for Windows. The focus is on how EDRs work internally. Based on these inner workings, some techniques are provided, at a high level (!), for how certain EDR detection mechanisms could be evaded. Sources are provided to dive deeper into the concrete techniques if you are interested.

There is some basic example source code included in the book, but mainly to help understand structures used in the Windows API, and sometimes example code of what an EDR's source code could look like. That is the reason why I think you get the most out of the book if you are a little familiar with the Windows API and C.

A few chapters provide some historical background on how the Windows environment evolved. In my opinion this is very interesting, as it shows why EDRs are nowadays so capable of detecting various activities: more and more context is available via different sources.

I definitely recommend reading the book if you are working in cybersecurity. EDRs play a crucial role in the current cybersecurity landscape, and understanding how EDRs work will make you a better Red-/Blue-/Whatever Teamer.

“Know your tools”