Individual participant: $1,850 ($1,450 USD early bird price)
Organization-Sponsored Employee: $2,550 ($2,150 USD early bird price)
40+ hours: Live training session
Assignments: In-class assignments
Certification: Certificate of completion
This hands-on workshop is designed to give cybersecurity professionals, malware researchers, and detection engineers a rare opportunity to explore how modern Endpoint Detection and Response (EDR) solutions truly work — and how to both research and build them from the ground up.
Over the course of 40+ hours, participants will gain practical skills and a deep understanding of EDR internals, common detection methodologies, and real-world evasion techniques. The workshop is structured to offer flexibility in content flow, allowing us to adapt the delivery based on participants’ learning pace and priorities.
The purpose of this training is not just to expose students to EDR theory but to empower them with the ability to think like an EDR developer and attacker. You’ll learn how static, dynamic, and heuristic engines operate, and then reverse engineer actual EDR components to analyze their logic and protection mechanisms. You’ll also learn how attackers craft evasive techniques to bypass such detection, and then build the components needed to detect or prevent these techniques yourself.
Whether you start by diving into how EDR drivers hook syscalls or by exploring process injection and memory bombing, each section includes live demos, guided exercises, and lab environments to reinforce the concepts in real time. The course also provides an OVA-based research lab you can use to safely test EDR behavior and bypass strategies, even after the course ends.
Instructors Pavel Yosifovich and Uriel Kosayev will each bring their unique expertise — from low-level Windows internals and kernel development to advanced EDR evasion and reverse engineering.
25+ years as a software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals”. Author of “Windows Kernel Programming” and “Windows 10 System Programming”, as well as system and kernel programming courses on PentesterAcademy and the “Windows Internals” series of courses on PluralSight.
Cybersecurity researcher and red teamer who lives both on the offensive and defensive fronts. Author of the books “Antivirus Bypass Techniques” and “Malware Analysis On Steroids”, and an expert in malware research, reverse engineering, penetration testing, digital forensics, and incident response.
Endpoint Detection and Response (EDR) solutions are a core layer of defense in modern enterprise environments. As cyber threats continue to evolve, understanding how EDR systems operate — and how adversaries bypass them — has become essential for both red and blue team professionals. This course offers a comprehensive path into the world of EDR internals, providing the technical depth required to dissect, analyze, and build detection capabilities at both user-mode and kernel-mode levels.
From unpacking the inner workings of commercial EDR engines to building your own detection logic against advanced threats, this training empowers participants to think critically and creatively about endpoint defense. The content bridges the gap between malware reverse engineering, low-level Windows internals, and kernel driver development — all delivered through practical, real-world labs and research-focused exercises.
Whether you’re defending infrastructure, researching detection bypasses, or engineering the next generation of security tools, this course provides the essential skills to navigate and master the world of EDR.
©2025 TrainSec. All rights reserved.