This session explores how attackers try to slip past today's Windows defenses including EDR tools, Attack Surface Reduction rules, Sysmon logging and even Credential Guard.

Attendees will learn how attackers look for gaps in monitoring, take advantage of features that organizations forget to disable.

The session is a practical guide for defenders who want to see where Windows security can break down today and how to stay ahead of those gaps.

Session contains:
How EDR works and circumvented
Evading Credential Guard
Bypassing ASR rules
Attacking Sysmon
Closing the gaps