EDRs This repo contains information about EDRs that can be useful during red team exercise. Want to contribute simply run hook_finder64.exe C:\windows\system32\ntdll.dll and submit the output. CrowdStrike hooked ntdll.dll APIs CrowdStrike hooks list SentinelOne hooked ntdll.dll APIs SentinelOne hooks list Cylance hooked ntdll.dll APIs (Thanks to Seemant Bisht) Cylance hooks list Sophos hooked ntdll.dll APIs Sophos hooks list Attivo Deception hooked ntdll.dll APIs Attivo hooks list CarbonBlack hooked ntdll.dll APIs (Thanks to Hackndo) CarbonBlack hooks list Symantec hooked ntdll.dll APIs (Thanks to CarsonSallis) Symantec hooks list DeepInstinct hooked ntdll.dll APIs (Thanks to P0chAcc0) DeepInstinct hooks list Morphises hooked ntdll.dll APIs Morphisec hooks list Credit Mr.Un1k0d3r RingZer0 Team