edr
Here are 8 public repositories matching this topic...
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
Updated Apr 10, 2021 - C

A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFunction033 NtApi and no new thread via Fiber.
Updated Feb 10, 2023 - C

Transparently call NTAPI via Halo's Gate with indirect syscalls.
Updated Apr 26, 2024 - C

EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
Updated Jan 24, 2024 - C