2023-04-08 11:39:39
A collection of materials on EDR bypass
https://blog.nviso.eu/2021/10/21/kernel-karnage-part-1/
https://windows-internals.com/thread-and-process-state-change/
https://nasbench.medium.com/symantec-edr-internals-event-enrichment-rules-part-i-b5e4340041a7
https://github.com/asaurusrex/Probatorum-EDR-Userland-Hook-Checker
https://github.com/CCob/SharpBlock/
https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
https://github.com/jthuraisamy/SysWhispers2
https://www.crummie5.club/freshycalls/
https://outflank.nl/blog/2020/12/26/direct-syscalls-in-beacon-object-files/
https://github.com/jthuraisamy/TelemetrySourcerer/blob/master/TelemetrySourcerer/UmETW.cpp