BYOTB: Bring Your Own Trusted Binary - Understanding EDR Evasion and Defense
Security BSides London via YouTube

Overview
This 34-minute Security BSides London conference talk explains the technique of Bring Your Own Trusted Binaries (BYOTB)©, in which attackers bring legitimate, signed, or checksum-verified binaries onto a target and use them to bypass modern security defenses. Learn how these trusted binaries, which may not already be present on target systems, can evade detection by operating systems and EDR solutions because they are trusted by default. Gain technical insight into the mechanics of BYOTB, including specific examples of trusted binaries and how effective they are at circumventing security controls. Understand EDR and firewall evasion tactics through demonstrations of how adversaries exploit detection gaps using trusted binaries. Discover practical detection techniques and defensive strategies, including methods for monitoring binary usage and implementing stricter execution policies. Designed both for Red Team professionals seeking to understand the technique and for Blue Team defenders looking to strengthen their security posture, the talk provides actionable knowledge for identifying BYOTB activity and implementing effective countermeasures in your environment.

Syllabus
BYOTB: Bring Your Own Trusted Binary - David Kennedy

Taught by
Security BSides London