Defending off the land: Agentless defenses available today


Defending-off-the-land will show novel, open-source techniques to use existing Windows OS capabilities to detect and alert on attackers without needing to deploy yet another agent. Attackers use “living-off-the-land” techniques to prevent detection, using existing OS capabilities to further their offensive goals. Defenders have traditionally relied upon vendor products to keep attackers at bay: EDR, IPS, XDR, etc. These products augment endpoints and networks with third-party agents and appliances to detect and evict would-be attackers. In this talk we show nine capabilities from a spectrum of options to improve endpoint instrumentation and defense using in-built OS capabilities….

By: Jacob Torrey & Marco Slaviero

Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-24/briefings/schedule/#defending-off-the-land-agentless-defenses-available-today-42284