BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: EDR detection mechanisms and bypass techniques with\
 n   EDRSandBlast\n   When: Saturday\, Aug 13\, 10:00 - 11:55 PDT\n   Where
 : Caesars Forum - Society Boardroom (Demo Labs) - [1]Map\n   Speakers:Thom
 as Diot\,Maxime Meignan\n\n   SpeakerBio:Thomas Diot\n   Thomas Diot (Qaze
 er) is a security consultant at Wavestone\, an\n   independent French cons
 ulting firm. His work involves a mix of\n   penetration testing\, Red / Pu
 rple Teams engagements\, and Incident\n   Responses with Wavestone CERT-W.
  Thomas enjoys practicing and\n   improving his skills by playing in CTFs\
 , developing tools\, and working\n   on various security projects.\n\n   S
 peakerBio:Maxime Meignan\n   Maxime Meignan (@th3m4ks) is a security consu
 ltant at Wavestone\, based\n   in Paris\, since the middle of the last dec
 ade. Loving to reverse\n   engineer binaries in both professional and CTF 
 contexts\, Maxime has an\n   IDA sticker on the back of his smartphone. An
 d writes this\n   uninteresting fact in his bio. He is currently intereste
 d in various\n   fields of security\, related to EDR software\, Windows in
 ternals and\n   Virtualisation Based Security.\n\n   Description:\n   EDRS
 andBlast is a tool written in C that implements and industrializes\n   kno
 wn as well as original bypass techniques to make EDR evasion easier\n   du
 ring adversary simulations. Both user-land and kernel-land EDR\n   detecti
 on capabilities can be bypassed\, using multiple unhooking\n   techniques 
 and a vulnerable signed driver to unregister kernel\n   callbacks and disa
 ble the ETW Threat Intelligence provider. Since the\n   initial release\, 
 multiple improvements have been implemented in\n   EDRSandBlast: it is now
  possible to use this toolbox as a library from\n   another attacking tool
 \, new bypasses have been implemented\, the\n   embedded vulnerable driver
  is now interchangeable to increase\n   stealthiness and the use of a pre-
 built offsets database is no longer\n   required! Come discover our tool a
 nd its new features\, learn (or teach\n   us!) something about EDRs and di
 scuss the potential improvements\n   to this project.\n\n   Audience: 
 Offense\, Defense\, Windows\, EDR\n\n   '\n\n   1. https://defcon.outel.or
 g/consolidated_page.html#CaesarsSummitBR\n\n\n
DTEND:20220813T185500Z
DTSTART:20220813T170000Z
LOCATION:DL - Caesars Forum - Society Boardroom (Demo Labs)
SUMMARY:EDR detection mechanisms and bypass techniques with EDRSandBlast
END:VEVENT
END:VCALENDAR
