Advanced Plus Technical Training

EDR Attack Vectors

Start Date: June 10 2021

14:00 - 16:00 UTC+3 Helsinki

Course Description

This course covers practical aspects of how to analyze various stages of attack using the data provided by F-Secure EDR. The lectures are divided by attack specs. in the first lecture we will study various initial execution methods, in the second migration from the first compromised process, and so forth.

Each lecture is divided into introduction of the particular step, the most common methods used by attackers, and then continues with example data recorded by EDR. Each student will be provided a read only access to training company where we have example each exhibiting a given malicious behavior.

These lectures will be available later in F-Secure Academy as recordings – however, to benefit from the interactivity of the lectures, joining them is very much encouraged. Attending three of the five lectures of the course either via the events or through F-Secure Academy will provide you with an EDR Advanced Training certificate. 


  • Lecture 1: June 10th EDR attach vectors 1/5: Execution
  • Lecture 2: June 22nd EDR attach vectors 2/5: Migration
  • Lecture 3: September 14th EDR attach vectors 3/5: Privilege Escalation
  • Lecture 4: October 5th EDR attach vectors 4/5: Persistence
  • Lecture 5: October 26th EDR attach vectors 5/5: Lateral Movement

Each lecture will be given online at 14:00 - 16:00 UTC+3 Helsinki time. 


The Advanced Plus courses are free of charge and can be attended by any F-Secure Partner. The course requires some technical knowledge on how RDR functions, so we recommend completing F-Secure RDR Technical Training (Basic) in F-Secure Academy before participating.


Jarno Niemelä
Principal Researcher, Tactical Defence Unit, F-Secure

Jarno Niemelä works as a Principal Researcher at F-Secure Tactical Defence unit. Jarno has been working on cyber defence related topics at F-Secure since year 2000, first in Anti-Virus lab, and then moving into behavioral analysis, behavioral analysis automation and cyber defence related topics. Jarno has been working with RDR and its predecessor technologies since their implementation at F-Secure.