Defeating Next-Gen AV and EDR: Using Old (And New) Tricks on New Dogs - Nick Lehman (Graph-X), Steve Eisen (Rum Twinkies) Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)


Next-Gen AV and EDR are the new hotness on the scene this year. They promise to put the bad guys and the red team in their place through increased endpoint detection and response. What they don't do, and what even traditional AV has had issues with, is self-protection. This talk will go into the ways in which next-gen AV and EDR (Cylance, Crowdstrike, Carbon Black, Defender ATP) can be defeated using simple tricks that have worked against AV for decades. Rather than attempt to hide from them, attacking them head-on through gaps in self-protection mechanisms seems to be the best bang for the buck.

Steve is an IR and threat hunting specialist, working for . His turn-ons include IOCs, fileless malware samples, C++ and Gandalf sax guy 10 hour YouTube jams. His turn-offs: people who don't hold doors, lactose, and Perl. Nick is an offensive security professional working for . In his spare time he is a casual CS:GO try-hard. Turn-ons include: RCE, LFI, TLAs and over-privileged accounts. Turn-offs include: feet, undocumented APIs, and NDAs.

@graphx, Steve only has a Facebook and Instagram. You should follow him on Instagram.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast