SensePost | Blog

Sensecon 23: from Windows drivers to an almost fully working EDR

Reading time: ~54 min

Posted by aurelien.chalot@orangecyberdefense.com on 31 January 2024

Categories: Callbacks, Driver, Edr, Hooking, Kernel, Rootkit, Shellcodes, Ssdt, Winapi, Windows, Rootkits, Shellcode

Callbacks
Driver
Edr
Hooking
Kernel
Rootkit
Shellcodes
Ssdt
Winapi
Windows
Rootkits
Shellcode

TL;DR I wanted to better understand EDR’s so I built a dummy EDR and talk about it here. EDR (Endpoint...

Reading time: ~6 min

Posted by symeon on 18 November 2016

Categories: Empire, Windows, Dll injection, Hooking

This is my password,” said the King as he drew his sword. “The light is dawning, the lie broken. Now...

Reading time: ~8 min

Posted by symeon on 10 March 2016

Categories: Android, Howto, Mobile, Blackbox, Hooking

Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for...