🎙️ André Lima

Talk Title: EDR Evasion 101: In a Professional Hacker Red Team

Abstract

In this session, we will dive into practical techniques for bypassing both static and dynamic analysis within modern Endpoint Detection and Response (EDR) solutions. We will start by exploring how to select the right programming language to outmanoeuvre automated detection, then shift gears to writing x86_64 assembly that stays under the radar.

After covering these fundamentals, we will briefly touch on why kernel-level development is significant for evasion strategies, and offer an even quicker glimpse into hypervisor approaches. This talk is intended as a foundational guide — leaving the deeper complexities of kernel and hypervisor development for more advanced sessions — so attendees can walk away with a solid “101” understanding of EDR evasion.

Bio

André Lima has been a Red Team Leader since 2011. He has worked in Portugal and Australia, and now leads the Cyber Operations Team at Advisense in Oslo. He is also a researcher who shares his work regularly on his YouTube channel and blog, and presents at security conferences.

His main areas of expertise are reverse engineering, exploit development, and malware development with a focus on EDR bypasses. When not working, André enjoys playing basketball, tennis, or watching Formula 1.
