This LIVE hands-on workshop is designed to give cybersecurity professionals, malware researchers, and detection engineers a rare opportunity to explore how modern Endpoint Detection and Response (EDR) solutions truly work — and how to both research and build them from the ground up.
Over the course of 40+ hours, participants will gain practical skills and a deep understanding of EDR internals, common detection methodologies, and real-world evasion techniques. The workshop is structured to offer flexibility in content flow, allowing us to adapt the delivery based on participants’ learning pace and priorities. Instructors Pavel Yosifovich and Uriel Kosayev will each bring their unique expertise — from low-level Windows internals and kernel development to advanced EDR evasion and reverse engineering.
All sessions will also be recorded and uploaded to the trainsec student portal to allow students to re-watch at their convenience.
40+ hours: Live training session
Assignments: In-class assignments
Certification: Certificate of completion
The purpose of this training is not just to expose students to EDR theory but to empower them with the ability to think like an EDR developer and attacker. You’ll learn how static, dynamic, and heuristic engines operate, and then reverse engineer actual EDR components to analyze their logic and protection mechanisms. You’ll also learn how attackers craft evasive techniques to bypass such detection, and then build the components needed to detect or prevent these techniques yourself.
Whether you start by diving into how EDR drivers hook syscalls or by exploring process injection and memory bombing, each section includes live demos, guided exercises, and lab environments to reinforce the concepts in real time. The course also provides an OVA-based research lab you can use to safely test EDR behavior and bypass strategies, even after the course ends.
This intensive online program delivers over 40 hours of live training in ten 4-hour sessions on Microsoft Teams. You will receive your personal meeting link no later than two weeks before the first class. Throughout each session, instructors Pavel Yosifovich and Uriel Kosayev will guide you through EDR internals in real time, encourage questions, and foster open discussion so you can immediately deepen and apply your expertise.
All session recordings will be uploaded to the trainsec student portal right after the sessions to allow students to re-watch at their convenience.
Instructors Pavel Yosifovich and Uriel Kosayev will each bring their unique expertise — from low-level Windows internals and kernel development to advanced EDR evasion and reverse engineering.
25+ years as a software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals”. Author of “Windows Kernel Programming” and “Windows 10 System Programming”, as well as system and kernel programming courses on PentesterAcademy and the “Windows Internals” series of courses on Pluralsight.
Cybersecurity researcher and red teamer who lives on both the offensive and defensive fronts. Author of the books “Antivirus Bypass Techniques” and “Malware Analysis On Steroids”, and an expert in malware research, reverse engineering, penetration testing, digital forensics, and incident response.
Endpoint Detection and Response (EDR) solutions are a core layer of defense in modern enterprise environments. As cyber threats continue to evolve, understanding how EDR systems operate — and how adversaries bypass them — has become essential for both red and blue team professionals. This course offers a comprehensive path into the world of EDR internals, providing the technical depth required to dissect, analyze, and build detection capabilities at both user-mode and kernel-mode levels.
From unpacking the inner workings of commercial EDR engines to building your own detection logic against advanced threats, this training empowers participants to think critically and creatively about endpoint defense. The content bridges the gap between malware reverse engineering, low-level Windows internals, and kernel driver development — all delivered through practical, real-world labs and research-focused exercises.
Whether you’re defending infrastructure, researching detection bypasses, or engineering the next generation of security tools, this course provides the essential skills to navigate and master the world of EDR.
Price (Early-Bird)
$1,450 – Individuals / Freelancers
$2,150 – Companies
Offer ends 30/Sep/25
© 2025 TrainSec. All rights reserved.