Research suggests that hackers can easily bypass Endpoint Detection and Response (EDR) protections, the malware-detecting and -blocking solutions in which organizations have invested billions of dollars.
"Combining several well-known techniques yields malware that evades all EDRs that we tested," says Karsten Nohl, chief scientist at German security consultancy SRLabs. "This allows the hacker to streamline their EDR evasion efforts."
Nohl and SRLabs' Jorge Gimenez tested EDRs sold by Symantec, SentinelOne, and Microsoft, and circumvented them using one or both of two techniques. One method avoids the "hooks," the code that EDRs insert by overwriting parts of the libraries applications use to interact with the operating system kernel. The other method executes only fragments of the hooked functions so that the hook never activates.
From Ars Technica
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA