Pentester's Promiscuous Notebook

Ctrlk

Twitter GitHub Blog

README
⚒️Pentest
⚔️Red Team
🐞Exploit Dev
- BOF
- RE
- WinDbg
⚙️Admin

Powered by GitBook

On this page

EDRSandblast
EDRSnowblast
Blinding EDR
Tools

⚒️Pentest
Infrastructure
AD
AV / EDR Evasion

BYOVD

Bring Your Own Vulnerable Driver

https://www.loldrivers.io/
https://alice.climent-pommeret.red/posts/process-killer-driver/
https://z4ksec.github.io/posts/ioctlhunter-release-v0.2/

EDRSandblast

[PDF] EDR detection mechanisms and bypass techniques with EDRSandblast (Maxime Meignan, Thomas Diot)
https://github.com/wavestone-cdt/EDRSandblast
https://www.elastic.co/security-labs/forget-vulnerable-drivers-admin-is-all-you-need
https://github.com/gabriellandau/EDRSandblast-GodFault

EDRSnowblast

https://v1k1ngfr.github.io/edrsnowblast/

Blinding EDR

Wipe kernel callbacks, prevent EDR internal communication, etc.

https://synzack.github.io/Blinding-EDR-On-Windows/
https://sensepost.com/blog/2023/filter-mute-operation-investigating-edr-internal-communication/

Tools

https://github.com/Yaxser/Backstab
https://github.com/ZeroMemoryEx/Blackout
https://github.com/ZeroMemoryEx/Terminator

Last updated 1 year ago