Users of Endpoint Detection and Response (EDR) systems know they are powerful tools for detecting threat actors (TAs). But there is often a lot of mystery about how they work, and hence about how bad the activity they detect and/or block actually is. This mystery can make it difficult not only to understand an EDR's coverage of attacks, but, more critically, to understand a major EDR pain point: they tend to produce a lot of false positives. For understanding how EDRs work, I really like th