Name
EDR evasion: A threat analysis of the "Mockingjay" technique
Date & Time
Tuesday, September 12, 2023, 1:15 PM - 1:45 PM
Felipe Duarte, Thiago Peixoto
Description

In late June 2023, researchers at MDR and incident response firm Security Joes reported their recent discovery of the Mockingjay process injection technique, which evades EDR detection. Essentially, the researchers found that by misusing Windows libraries, one can inject potentially malicious code into various processes without having to call certain Windows APIs that EDR security solutions normally monitor and flag as suspicious. In this session, Security Joes researchers will provide important details about their Mockingjay discovery and discuss other common forms of EDR evasion that the end-user community needs to watch out for.