In this post I have covered the basics of how EDR products work on Windows and techniques to get around them (some source code included).

Topics Covered

- Windows API Call Flow
- API Hooking & Unhooking
- Syscalls
- Kernel Callbacks & User Land ETW
- Parent Child Process Relationships
- Static & Dynamic Analysis
- Execution Methods
- Credits …