
Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems.

EDR, demystified! Stay a step ahead of attackers with this comprehensive guide to understanding the attack-detection software running on Microsoft systems—and how to evade it.

Nearly every enterprise uses an Endpoint Detection and Response (EDR) agent to monitor the devices on their network for signs of an attack. But that doesn't mean security defenders grasp how these systems actually work. This book demystifies EDR, taking you on a deep dive into how EDRs detect adversary activity. Chapter by chapter, you’ll learn that EDR is not a magical black box—it’s just a complex software application built around a few easy-to-understand components.

The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.

312 pages, Paperback

Published October 31, 2023

27 people are currently reading
85 people want to read

About the author

Matt Hand

1 book

Ratings & Reviews


Community Reviews

5 stars
18 (60%)
4 stars
10 (33%)
3 stars
2 (6%)
2 stars
0 (0%)
1 star
0 (0%)
Displaying 1 - 4 of 4 reviews
Peter Kálnai
33 reviews, 5 followers
June 11, 2025
A positive point is the title, which clearly reveals what the book is about - a red teamer's perspective on the EDR's functionality. The book is very technical and contains many snippets of code, both of which could be appreciated by practitioners, but which made it quite hard to read. The author refers in the text to existing research, but there's no reference section listing the sources. Overall, the book could become pivotal in the field, but it still has some weak points.
12 reviews
January 7, 2024
Great read! Goes to an amazing level of detail and does a very good job of explaining the technical details very well. The only thing lacking was the replication steps, where the code snippets and information provided were at points very limited and hard to follow. Despite this, I'd still highly recommend it to anyone with an interest in malware and EDR evasion!
136 reviews, 1 follower
September 19, 2024
Great!

We are setting up SentinelOne at the office and this helps me understand it much better. I always like to have an idea of how things work.
1 review, 1 follower
October 30, 2023
An amazing resource for Red Teamers! Evading EDR takes the reader through each component of an EDR in detail. From kernel callbacks, to user mode hooks, AMSI and ETW-Ti, it's all here.

And for those who like to spend their time with WinDbg and C, the practical exercises have a lot to offer (and they certainly don't shy away from the low-level details).

If you spend any time around EDRs, or are just interested in how they work... this book is an invaluable addition to your collection.
