[0:11] Hey, welcome back for another video. So, in this video, we are going to start the intro for building an EDR from scratch. So what does this mean? This means that we are going to work through component by component and put together our own EDR. There will be several videos over the next few weeks or maybe even months where we're going to be building this EDR. So, the idea here is just to provide some better understanding of EDR internals and get some kernel exposure as well. Some of the components that we're going to look at during this series are: we are definitely going to build the main EDR agent, and we will definitely build the main EDR driver. This driver will do a lot of things like protecting the agent, deploying the DLL, registering callbacks, things like that. And we'll also build a hooking DLL. That DLL will be responsible for hooking several functions inside of every application, or whatever application we deem necessary, and sending that telemetry back to the main agent. Depending on the traction that this series gets, we may or may not explore a little further and build a file system minifilter and a network filter. We can look at ELAM, which is Early Launch Anti-Malware, and ETW, which is Event Tracing for Windows. So, I hope you guys are excited. I will have more videos coming out very soon and we'll start building out that first piece, which is going to be the agent. Thank you for your time. If you're excited about the series, comment below. Make sure to like, comment, subscribe, and I will see you next time.

Building an EDR From Scratch Part 1 - Intro (Endpoint Detection and Response)
Incodenito
2m 13s · 294 words · ~2 min read
Auto-generated transcript


