3 matches found
EDRSandblast - Tool That Weaponize A Vulnerable Signed Driver To Bypass EDR Detections And LSASS Protections
EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections Kernel callbacks and ETW TI provider and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring. As of release, combination of userland...
TiEtwAgent - PoC Memory Injection Detection Agent Based On ETW, For Offensive And Defensive Research Purposes
This project was created to research, build and test different memory injection detection use cases and bypass techniques. The agent utilizes Microsoft-Windows-Threat-Intelligence event tracing provider, as a more modern and stable alternative to Userland-hooking, with the benefit of Kernel-mode...
I2S-LAB-10-15-03.Shell32-Do.txt
I2S LAB Security Advisory http://www.I2S-LAB.com Date : 12 / 03 / 2003 Affected systems : Microsoft Windows 2000 SP4 and below Vendor : http://www.microsoft.com Issue : Attackers can turn a media directory, drive, mail, ... into a remote bomb crashing any application which would try to acces it...