In this module, students will move from conceptual understanding into structured, hands on EDR research. Students will learn how to design and execute EDR research using a repeatable methodology, prepare clean research environments, gather meaningful telemetry, and analyze real EDR implementations. The module combines OpenEDR and Microsoft Defender for Endpoint (MDE) to demonstrate differences in maturity, protection mechanisms, and telemetry pipelines, and introduces foundational EDR component reverse engineering techniques.