wavestone-cdt / EDRSandblast


Cannot bypass Kaspersky #4

Closed wgetnz closed 2 years ago

wgetnz commented 2 years ago

Cannot bypass Kaspersky when dump lsass

827Dream commented 2 years ago

You can use kernel mode, but this project only removes the EDR-related process, thread and module-load callbacks, so by default the Kaspersky-related callbacks are not removed. You can modify the code yourself, or use the CheekyBlinder project he mentioned.

Qazeer commented 2 years ago

It's probable that the project gets statically flagged by AV engines (and increasingly likely over time). Kaspersky (and others) may also rely on mechanisms not addressed by this tool (such as detecting an LSASS dump file touching disk, ...).

Closing this issue.