Cl0wnK1n9 / EDR-bypass


edr #1

Closed sec13b closed 4 months ago

sec13b commented 4 months ago

On which EDR has it been tested? Have you tested it on several EDRs?

Cl0wnK1n9 commented 4 months ago

It doesn't fully bypass any EDR; this program is just trying to bypass some hook methods that can be used in an EDR.

sec13b commented 4 months ago

So, to understand, can it kill some EDR process?

Cl0wnK1n9 commented 4 months ago

Yes, based on how the EDR implements Win API hooks. Each EDR has a different Win API hook list, and it can be user-mode hooks or kernel-mode hooks: https://github.com/Mr-Un1k0d3r/EDRs

My code is just sample code that creates a Win API hook and a way to bypass it, so the EDR won't have information about the hooked function, which means no telemetry is sent to the EDR server to analyze.
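
The comment above describes user-mode Win API hooks and bypassing them so the hooked function reports nothing back to the EDR. As an added example, not code from this repository or from either commenter, here is a portable C routine for the check a tester or defender runs first: compare the in-memory prologue of an ntdll export against its on-disk bytes, recognise the common x64 trampoline shapes a user-mode hook writes there, read the syscall number out of the clean stub, and copy the clean bytes back over the hook. The byte arrays are constructed samples and the syscall number 0x3A is a placeholder. On a live Windows process the in-memory bytes would come from GetModuleHandle/GetProcAddress, the clean copy from mapping ntdll.dll from System32, and the page would need VirtualProtect before the restore; none of that is done here, so the block builds and runs anywhere.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed sample: first 24 bytes of an x64 Windows 10 ntdll syscall stub
 *   mov r10, rcx ; mov eax, SSN ; test byte ptr [7FFE0308h], 1 ; jne +3 ;
 *   syscall ; ret ; int 2Eh ; ret
 * SSN 0x3A is a placeholder, not the real number for any particular export.
 */
#define PROLOGUE_LEN 24
static const uint8_t DISK_STUB[PROLOGUE_LEN] = {
    0x4C, 0x8B, 0xD1, 0xB8, 0x3A, 0x00, 0x00, 0x00,
    0xF6, 0x04, 0x25, 0x08, 0x03, 0xFE, 0x7F, 0x01,
    0x75, 0x03, 0x0F, 0x05, 0xC3, 0xCD, 0x2E, 0xC3 };

/* Constructed: same stub after a hook overwrote its first 5 bytes with jmp rel32. */
static const uint8_t HOOKED_JMP_REL32[PROLOGUE_LEN] = {
    0xE9, 0x11, 0x22, 0x33, 0x44, 0x00, 0x00, 0x00,
    0xF6, 0x04, 0x25, 0x08, 0x03, 0xFE, 0x7F, 0x01,
    0x75, 0x03, 0x0F, 0x05, 0xC3, 0xCD, 0x2E, 0xC3 };

/* Constructed: same stub after a 12-byte "mov rax, imm64 ; jmp rax" trampoline. */
static const uint8_t HOOKED_MOV_RAX_JMP[PROLOGUE_LEN] = {
    0x48, 0xB8, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xE0,
    0x03, 0xFE, 0x7F, 0x01, 0x75, 0x03, 0x0F, 0x05, 0xC3, 0xCD, 0x2E, 0xC3 };

enum hook_kind {
    HOOK_NONE = 0,     /* in-memory bytes equal the on-disk copy */
    HOOK_JMP_REL32,    /* E9 rel32 */
    HOOK_JMP_RIP_MEM,  /* FF 25 disp32 : jmp qword ptr [rip+disp32] */
    HOOK_MOV_RAX_JMP,  /* 48 B8 imm64 FF E0 */
    HOOK_PUSH_RET,     /* 68 imm32 C3 */
    HOOK_OTHER         /* differs from disk, but not a shape we recognise */
};

/* Compare a function's first n in-memory bytes with the clean on-disk bytes
 * and name the trampoline shape if one is present. */
enum hook_kind classify_prologue(const uint8_t *mem, const uint8_t *disk, size_t n)
{
    if (memcmp(mem, disk, n) == 0)
        return HOOK_NONE;
    if (n >= 5 && mem[0] == 0xE9)
        return HOOK_JMP_REL32;
    if (n >= 6 && mem[0] == 0xFF && mem[1] == 0x25)
        return HOOK_JMP_RIP_MEM;
    if (n >= 12 && mem[0] == 0x48 && mem[1] == 0xB8 && mem[10] == 0xFF && mem[11] == 0xE0)
        return HOOK_MOV_RAX_JMP;
    if (n >= 6 && mem[0] == 0x68 && mem[5] == 0xC3)
        return HOOK_PUSH_RET;
    return HOOK_OTHER;
}

/* Read the syscall number out of a clean stub (mov r10, rcx ; mov eax, imm32).
 * Returns 0xFFFFFFFF when the bytes are not a clean stub, e.g. when hooked. */
uint32_t ssn_of(const uint8_t *stub, size_t n)
{
    if (n < 8 || stub[0] != 0x4C || stub[1] != 0x8B || stub[2] != 0xD1 || stub[3] != 0xB8)
        return 0xFFFFFFFFu;
    return (uint32_t)stub[4] | (uint32_t)stub[5] << 8 |
           (uint32_t)stub[6] << 16 | (uint32_t)stub[7] << 24;
}

/* Copy the clean bytes over a hooked prologue in the buffer and report what was
 * found. In a live process the page must be made writable first; this version
 * only performs the data step on a caller-owned buffer. */
enum hook_kind restore_prologue(uint8_t *mem, const uint8_t *disk, size_t n)
{
    enum hook_kind k = classify_prologue(mem, disk, n);
    if (k != HOOK_NONE)
        memcpy(mem, disk, n);
    return k;
}

/* Detect, restore, re-check on a private copy. Returns 1 if the buffer was
 * hooked going in and clean coming out. */
int restore_roundtrip_ok(const uint8_t *hooked, const uint8_t *disk, size_t n)
{
    uint8_t buf[PROLOGUE_LEN];
    if (n > PROLOGUE_LEN)
        return 0;
    memcpy(buf, hooked, n);
    if (restore_prologue(buf, disk, n) == HOOK_NONE)
        return 0;
    return classify_prologue(buf, disk, n) == HOOK_NONE;
}

int main(void)
{
    printf("clean stub      : kind=%d ssn=0x%X\n",
           classify_prologue(DISK_STUB, DISK_STUB, PROLOGUE_LEN), ssn_of(DISK_STUB, PROLOGUE_LEN));
    printf("jmp rel32 hook  : kind=%d ssn=0x%X\n",
           classify_prologue(HOOKED_JMP_REL32, DISK_STUB, PROLOGUE_LEN), ssn_of(HOOKED_JMP_REL32, PROLOGUE_LEN));
    printf("mov rax/jmp hook: kind=%d restored=%d\n",
           classify_prologue(HOOKED_MOV_RAX_JMP, DISK_STUB, PROLOGUE_LEN),
           restore_roundtrip_ok(HOOKED_MOV_RAX_JMP, DISK_STUB, PROLOGUE_LEN));
    return 0;
}
```

The memcmp runs first so that any byte change, including hooks that do not match a known trampoline shape, is still reported as HOOK_OTHER; the shape checks only add a label. The syscall number is read from the clean copy, never from the hooked bytes, which is the reason the disk image (or a second, unhooked mapping) is needed at all.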

sec13b commented 4 months ago

I tried to compile and I get this error:

Error MSB3030 Could not copy the file "C:\Users\work\Desktop\Kniget\EDR\EDR-bypass-Cl0wnK1n9\NtWriteVirtualMemoryhook\x64\Release\NtSetInformationProcess.dll" because it was not found.
Nirvana C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v170\Microsoft.CppCommon.targets 2686

Cl0wnK1n9 commented 4 months ago

You must change the DLL path before compiling.