EDR Bypass Through Kernel Callbacks Removal | Hacking Tools | Crax

Welcome To Crax.Pro Forum!

Check our new Marketplace at Crax.Shop

   Login! SignUp Now!

  • We are in solidarity with our brothers and sisters in Palestine. Free Palestine. To learn more visit this Page

  • Crax.Pro domain has been taken down!

    Alternatives: Craxpro.io | Craxpro.com

EDR Bypass Through Kernel Callbacks Removal

EDR Bypass Through Kernel Callbacks Removal

kixen
LV
0
 

kixen

Member
Joined
Dec 8, 2021
Threads
1
Likes
3
Credits
150©
Cash
0$
https://github.com/wavestone-cdt/EdrSandblast

EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Kernel callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.

As of release, combination of userland (--usermode) and Kernel-land (--kernelmode) techniques were used to dump LSASS memory under EDR scrutiny, without being blocked nor generating "OS Credential Dumping"-related events in the product (cloud) console. The tests were performed on 3 distinct EDR products and were successful in each case.
Click to read more...
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

zaynarcker
    • Method/TUT How To Bypass Modern AI Anti-Fraud Systems 🛡️
    1
    268
    zilzal
    zilzal
    milf hunter
    • HACKING TOOLS, SKILLS AND ESSENTIALS
    2
    137
    abdhadj
    abdhadj
    milf hunter
    • BLACK HAT UNITED STATES TRAINING LEAK (2020)
    0
    108
    milf hunter
    milf hunter
    karan4321
    • CEH V12 LAST DUMPs-1
    0
    433
    karan4321
    karan4321
    karan4321
    • Course/Tutorial CEH V 12 EXAM LEAK - 2
    3
    238
    sdfsinik
    sdfsinik
    karan4321
    • Course/Tutorial CEH V12 EXAM DUMPs -6
    0
    163
    karan4321
    karan4321
    karan4321
    • CEH V 12 EXAM DUMP -1
    0
    413
    karan4321
    karan4321
    karan4321
    • Course/Tutorial CEH V 12 EXAM DUMPs-4
    0
    251
    karan4321
    karan4321
    karan4321
    • Course/Tutorial CEH V12 EXAM DUMP -3
    0
    107
    karan4321
    karan4321
    karan4321
    • Course/Tutorial CEH V 12 EXAM DUMP -5
    0
    146
    karan4321
    karan4321
    • Top Bottom
    Tools : Download Tools from our Resources.
    Configs : Download Configs[ob/ob2/svb/cyb/anom].
    Memes : Bored? Lets have some Memes (⁠◠⁠‿⁠◕⁠)
    Crax.Tube : 1st LEARN... Then remove the "L".
    NSFW : I stay away from the internet as much
                                               as I can. Except for PORN.
    Upgrade : Just £15 to access everything NOW!
    Earn : Low on Money?Start Earning from Crax Now!
    Crax.Shop : Buy/Sell without getting Scammed 💯