Closed: 0xShkk closed this issue 2 years ago
Yes, there is no user-mode hooking.
I would say the same for ESET.
Yep, most of the EDRs have moved to the kernel, which is good. Some of them moved to the kernel a long time ago.
On Wed, May 17, 2023 at 11:12 AM tamburro92 wrote:
> I would say the same for ESET
-- *Mr.Un1k0d3r* or 1 #
Hi,
I wanted to share my observation for Kaspersky. It seems like Kaspersky does the real hooking in kernel mode as well, like Cortex or Defender MDE.
How can those hooks be identified?