I create this project to Learn Edr Internals and Windows kernel Programming.
It only has one feature right now which is inject a Hook DLL into each process using KAPC. I will add More Features in the future.
This project is under development, so please use it with caution. It is recommended to run it inside a virtual machine to avoid any risks to your main system.
- Implement a memory scanner.
- Integrate basic logging and alerting system.
- Integrate ETW / ETW-TI
- Evading EDR Book (By Matt Hand).
- SensePost โ From Windows Drivers to an Almost Fully Working EDR (2024)
- SensePost โ mydumbEDR (GitHub)
- iRed Team โ Subscribing to Process Creation, Thread Creation, and Image Load Notifications from a Kernel Driver
- Experimenting with Protected Processes and Threat-Intelligence
- Xacone โ BestEDROfTheMarket
- EDR Development Playlist