Tom Philippe

Tom is a cybersecurity enthusiast who spends his days hacking things and his nights learning from other hackers. When he's not lost in his debugger trying to understand why his Hello World program crashes, he's leading the charge in offensive security at Responsible Cyber.

Tom's passion for all things cyber has led him down some interesting paths, including playing around with LLMs, spending way too much on cloud resources, or more recently diving deep into kernel-level operations for fun.


Session

12-14
14:45
45min
When the Hunter Becomes the Hunted: Using Minifilters to Disable EDRs
Tom Philippe

This presentation explores the advanced use of minifilters in offensive security operations, focusing on their application in bypassing and disabling EDRs. We will delve into the architecture of EDR systems and common offensive uses of mini filters, such as bypassing file system monitoring.

We will then introduce a novel technique to entirely disable EDRs via the abuse of minifilters.

The talk will also cover the implications for defensive security and potential countermeasures, aiming to provide valuable insights for both offensive and defensive security professionals.

Main talk track
Track 3