myzxcg / RealBlindingEDR

Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
MIT License
955 stars, 174 forks

WPF filter #15

Closed. sec13b closed this 1 month ago

sec13b commented 1 month ago

Is it possible to apply a WPF filter to some specific driver? Thanks.

myzxcg commented 1 month ago

This project has not yet implemented WPF filter handling. There are other open source projects that have implemented a WPF filter to block EDR communication.

sec13b commented 1 month ago
  1. I love your work.
  2. For the WPF filter, I will search.
  3. A second question (this one is for me): how do I convert a .sys file into driver shellcode? I think it is better to use the LOL drivers as unsigned char shellcode so EDR/XDR can't smell it.
  4. How do I convert a .sys file into a .bin?

thank you

myzxcg commented 1 month ago
  1. As far as I know, since the absolute path of the driver needs to be specified when registering and loading it, it is not possible to convert the driver into shellcode and load it in memory at the same time. However, this is not absolute, and there may still be other ways that have not been discovered yet.
  2. The .bin file is just the name used on the loldrivers website; you just need to change it to a .sys suffix.

sec13b commented 1 month ago
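
The two points in the reply above (the download is a renamed .sys, and a driver is registered by an absolute on-disk path before it is loaded) can be seen in the standard loading procedure. The script below is an added example and is not part of the RealBlindingEDR project or of either commenter's own work; the file path `C:\lab\driver.bin` and the service name `labdrv` are placeholders chosen for this example, and it assumes local administrator rights on a test VM where you are authorized to load the driver.

```powershell
# Added example, not code from the RealBlindingEDR project.
# Shows why a kernel driver must exist as a file at an absolute path:
# the service manager records that path (ImagePath) and the kernel loads
# the image from disk, so there is no in-memory equivalent of this step.
# Assumptions: $BinFile and $ServiceName are placeholders; run as admin on a test VM.

param(
    [string]$BinFile     = "C:\lab\driver.bin",   # placeholder: file as downloaded, with .bin name
    [string]$ServiceName = "labdrv"               # placeholder service name
)

$ErrorActionPreference = "Stop"

# 1. The .bin is just the renamed .sys; give it the .sys suffix back.
$SysFile = [System.IO.Path]::ChangeExtension($BinFile, ".sys")
Rename-Item -Path $BinFile -NewName (Split-Path -Leaf $SysFile)

# Sanity check before registering anything: a driver is a PE image and starts with "MZ".
$bytes = [System.IO.File]::ReadAllBytes($SysFile)
if ($bytes.Length -lt 2 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
    throw "$SysFile does not start with an MZ header; this is not a PE driver image"
}

# Record the hash so it can be compared with the loldrivers entry and with
# what your own EDR telemetry reports for the load.
$sha256 = (Get-FileHash -Path $SysFile -Algorithm SHA256).Hash
Write-Host "SHA256: $sha256"

# 2. Register the driver as a kernel-mode service with an absolute path.
$AbsPath = (Resolve-Path $SysFile).Path
& sc.exe create $ServiceName type= kernel start= demand binPath= "$AbsPath" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc create failed with exit code $LASTEXITCODE" }

# The path the service manager stored is what the loader will open on disk.
$imagePath = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName").ImagePath
Write-Host "ImagePath recorded by the service manager: $imagePath"

# 3. Load it. If the file has been removed, blocked, or rejected by signature
#    policy, the start fails; clean up the service entry in that case.
& sc.exe start $ServiceName | Out-Null
if ($LASTEXITCODE -ne 0) {
    & sc.exe delete $ServiceName | Out-Null
    throw "sc start failed with exit code $LASTEXITCODE (file missing, unsigned, or blocked)"
}
Write-Host "$ServiceName loaded; confirm with: driverquery | findstr $ServiceName"

# 4. Unload and remove the service entry when the test is finished.
& sc.exe stop $ServiceName | Out-Null
& sc.exe delete $ServiceName | Out-Null
```

The hash and the ImagePath value are the two artifacts an EDR sees at this point: the file write and the service registration both happen before any driver code runs, which is why a renamed loldrivers sample is usually flagged before it loads rather than after.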

bin/sys is instantly detected

myzxcg commented 1 month ago

It is normal for it to be detected. This is an open source project and is only used for testing.

myzxcg commented 1 month ago

If you want to use it for exploitation, you need to find an undisclosed exploitable driver and integrate it into this project.