Technical Manager, Optiv
Matthew Eidelberg is a Technical Manager in Optiv’s Threat Management Team (Attack and Penetration specialization). Matthew has over 8 years’ experience in both consulting and information security. Matthew’s primary role is focused on leading Threat Management’s Adversary Simulation Services which focus on physical, red/purple team, and other advanced assessments.
Matthew’s expertise also involves research development, focusing on developing new techniques and tooling for endpoint security bypass and evasion. Matthew’s experience working in enterprise networks has also given him a deep understanding of the business operations.
Endpoint Detection and Response (EDR) have become the punching bags of the security world. Attackers employ sophisticated techniques to circumvent these controls and as a result, there has been a driving need for defenders to detect and prevent these attacks... but are they sufficient? This talk will go over all the operational considerations and tradecraft theory I've developed over the past few years when evading EDRs and other endpoint controls. This will primarily focus on techniques to ensure command and controls servers are not easily detected and contain virtually no Indicators of Compromise. This talk will then deep dive into the inner workings of the EDR bypassing framework ScareCrow,highlighting some of the lesser-known techniques and new features that are available to red teamers and pentesters. By the end of this talk, the audience should walk away with a detailed understanding of how to use ScareCrow and other opsec considerations to avoid being detected by endpoint controls and blue teams.
