Advanced persistent threats (APTs) pose a significant challenge for blue teams because they apply a variety of attacks over prolonged periods, impeding event correlation and detection. In this work, we use a diverse set of attack scenarios to assess how effective EDRs and other endpoint security solutions are at detecting and preventing APTs. Our results indicate that there is still considerable room for improvement, as state-of-the-art endpoint security systems fail to prevent and log the bulk of the attacks reported in this work. Additionally, we discuss methods of tampering with the telemetry providers of EDRs, which allow an adversary to carry out a stealthier attack.