Black Hat Asia 2026 - Effective Linux EDR Evaluation Testing for Red and Blue Team

- By Leszek Miś

The 2-day edition of our "Effective Linux EDR Evaluation Testing for Red and Blue Team" training has been officially accepted for the second time in a row for Black Hat Asia 2026. It is a great pleasure and a fantastic opportunity. Registration is already open. Take a look at the agenda and register ASAP! See ya in Singapore!

During the training, we'll examine and learn how to execute custom EDR validation checks, mapped to the MITRE ATT&CK™ Framework, as evaluation checks. We are not going to focus on one specific vendor or tool. Thanks to the program of this course, you will be able to run your own evaluation tests manually against whatever EDR you have or want to have in production. The course content will also greatly expand your knowledge in the area of Linux threat hunting and incident response because the best defense comes from the best offense.

There are a few main ideas and goals behind the course:

  • Teach you what offensive techniques exist in Linux, with mapping to the Offensive Linux Matrix
  • Deliver ready-to-copy-and-paste blocks of code that you can use during your own penetration testing/emulation engagements, detection coverage testing, or EDR evaluations, with the possibility of chaining and creating advanced Linux custom attack paths
  • Provide step-by-step instructions about how to generate payloads, how to set up, and operationally use C2 frameworks like Mythic, Sliver, Merlin, and others
  • Teach you how to handle true hands-on evaluation testing of modern Linux EDR
  • Explain what you should expect from modern Linux EDR products with a focus on the internals, capabilities, detection, and operational efficiency
  • Introduce you to commercial Linux EDR solutions and Open Source Run Time Security implementations as well.

By the end of this training, you'll have the knowledge to make informed decisions about Linux EDR/Runtime Security solutions and a methodology for evaluating your own cybersecurity readiness. This practical approach will equip you with the skills to enhance your organization's defense against Linux advanced persistent threats. Ultimately, this course will include techniques and ideas for bypassing individual EDR engines/specific components, news, research notes, tons of external links, and important updates.
If you want to enhance your understanding of Linux x86/x64 internals and stay prepared for Linux threats, this training is a must-attend!

LINK: https://blackhat.com/asia-26/training/schedule/index.html#effective-linux-edr-evaluation-testing-for-red-and-blue-team-49690