Pentester's Promiscuous Notebook

Twitter GitHub Blog Sponsor

Twitter GitHub Blog Sponsor

README
⚒️Pentest
⚔️Red Team
🐞Exploit Dev
⚙️Admin

Powered by GitBook

On this page

EDRSandblast
EDRSnowblast
Blinding EDR
Tools

Pentest

Infrastructure

AD

AV / EDR Evasion

BYOVD

Bring Your Own Vulnerable Driver

Last updated 1 year ago

EDRSandblast

EDRSnowblast

Blinding EDR

Wipe kernel callbacks, prevent EDR internal communication, etc.

Tools

⚒️

https://www.loldrivers.io/

https://alice.climent-pommeret.red/posts/process-killer-driver/

https://z4ksec.github.io/posts/ioctlhunter-release-v0.2/

[PDF] EDR detection mechanisms and bypass techniques with EDRSandblast (Maxime Meignan, Thomas Diot)

https://github.com/wavestone-cdt/EDRSandblast

https://www.elastic.co/security-labs/forget-vulnerable-drivers-admin-is-all-you-need

https://github.com/gabriellandau/EDRSandblast-GodFault

https://v1k1ngfr.github.io/edrsnowblast/

https://synzack.github.io/Blinding-EDR-On-Windows/

https://sensepost.com/blog/2023/filter-mute-operation-investigating-edr-internal-communication/

https://github.com/Yaxser/Backstab

https://github.com/ZeroMemoryEx/Blackout

https://github.com/ZeroMemoryEx/Terminator