Giter Club home page Giter Club logo

edrs's People

Contributors

cryptonymco avatar hackndo avatar mr-un1k0d3r avatar scriptidiot avatar t3nb3w avatar trickster0 avatar vysecurity avatar waawaa avatar xalicex avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

fengjixuchui epichoxha killvxk raystyle bfuzzy1 fuzzheaded ferretking gavz l34rn rvrsh3ll y11en laowang1026 nusiloot indiazhangsan gajasurve hackndo skysbsb ashr harry1080 kobbycyber zha0 jymcheong crackercat hm200958 firstblue hatchetxuexi goowen binlmmhc triplekill sesyi kibercthulhu bhassani jack51706 littlecho fishdom888 gdraperi red-infosec carsonsallis digitalarche tomyang9 wfclym codingman lyingsimon shelld0n olivierh59500 syphon1c m00zh33 lex1010 2217936322 freeide c9a1k todonnal-r7 v4nyl oldsecureiqlab vysecurity dskho blueskeye th3xace xenoscr labba lt-src marciopocebon pirenga 5m477 cybersecops jessefmoore brittadams vn-os w0rk3r invokethreatguy s0fianehamlaoui cpo-eh compilepeace thebigplate zephrfish ktaranov drwpeng helviojunior diegoalbuquerque fnsank idkwim tristandostaler 3v0lver benheise r3dtap3 humble-desser t3hpaul qiqi1 wisdark credteam ignitionlab br3ign ccdev-labs stackrun boku7 zanzo420 her0ness a10ncoder knsankar msmakhlouf

edrs's Issues

Kaspersky

Hi,

wanted to share my observation for Kaspersky.
Seems like Kaspersky does the real hooking in Kernel mode as well like Cortex or Defender MDE.

How can those hooks be identified?

Loading c:\Windows\System32\ntdll.dll
HookFinder Mr.Un1k0d3r RingZer0 Team
Listing loaded modules
------------------------------------------
C:\Users\user\Desktop\hook_finder64.exe is loaded at 0x0000000000400000.
C:\Windows\SYSTEM32\ntdll.dll is loaded at 0x00007FFF0C150000.
C:\Windows\System32\KERNEL32.DLL is loaded at 0x00007FFF0BBF0000.
C:\Windows\System32\KERNELBASE.dll is loaded at 0x00007FFF09A90000.
C:\Windows\System32\msvcrt.dll is loaded at 0x00007FFF0BDE0000.
***Listing Nt* API only

NtQuerySystemTime is hooked
------------------------------------------
Completed

Detailed usage guide

Thank you for putting this together! I have been trying to get this to work; but am not having success. I'm using crowdstrike in my test environment and have compiled the cs unhooking C code into an EXE. Running it does not appear to unhook cs and allow post ex activities (like mimikatz) after the unhooking code is executed. Am I missing something? Is there a detailed usage guide for how to make use of this? Thanks to any who are able to provide some pointers!

MDE/ATP

Wanted to share that Microsoft Defender for Endpoint (MDE) (previously known as Advanced Threat Protection (ATP)) is embedded within the operating system and does not seem to hook anything on ntdll.dll. Perhaps you might want to add that to the list despite the empty output.

Windows 10 Home - SO 18363.1440 

Loading C:\windows\system32\ntdll.dll
HookFinder Mr.Un1k0d3r RingZer0 Team
------------------------------------------
BASE                    0x00007FF8BC940000      MZÉ
PE                      0x00007FF8BC9400D8      PE
ExportTableOffset       0x00007FF8BCA8C370
OffsetNameTable         0x00007FF8BCA8E8CC
Functions Count         0x94d (2381)
------------------------------------------
RtlInitializeSListHead is hooked
------------------------------------------
Completed

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.