# BestEdrOfTheMarket – Little AV/EDR Bypassing Lab For Training And Learning Purposes

Little AV/EDR evasion lab for training and learning purposes (under construction).

Yazidou – github.com/Xacone

BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) project, designed to serve as a testing ground for understanding and bypassing the user-mode detection methods frequently used by commercial EDR products. These detections are mainly based on dynamic analysis of the target process state (memory, API calls, etc.). Feel free to check the short article I wrote describing the interception and analysis methods implemented by the EDR.

## Defensive Techniques

- Multi-Level API Hooking
- SSN Hooking/Crushing
- IAT Hooking
- Shellcode Injection Detection
- Reflective Module Loading Detection
- Call Stack Monitoring

In progress:

- Heap Monitoring
- ROP Mitigation
- AMSI Patching Mitigation
- ETW Patching Mitigation

## Usage

```
Usage: BestEdrOfTheMarket.exe [args]
```
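The first two defensive techniques in the list above, user-mode API hooking and SSN hooking/crushing, both work by rewriting the x64 `ntdll` syscall stubs that a target process calls. The following is an added example, not code from the BestEdrOfTheMarket project, showing what the two sides of that contest look like at the byte level: how a bypass recognises a hooked prologue, how it recovers the real syscall number from clean neighbouring stubs (the Halo's Gate idea), and why a "crushed" SSN needs a cross-check because the prologue still looks clean. It assumes the x64 `ntdll` layout (stubs 32 bytes apart, SSNs ascending by address); all stub bytes, the SSN values 0x18..0x1B, the hook target and the helper names (`classify_prologue`, `extract_ssn`, `neighbour_ssn`, `recover_ssn`, `ssn_looks_crushed`, `build_sample`) are constructed for this example.

```c
/* Added example, not BestEdrOfTheMarket code. Assumes x64 ntdll layout:
 * Nt* stubs 32 bytes apart with ascending SSNs. All bytes are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STUB_STRIDE 32   /* assumed distance between consecutive Nt* stubs */
#define NSTUBS      4    /* size of the constructed sample region          */

enum hook_kind {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,    /* E9 rel32                       */
    HOOK_JMP_RIP_IND,  /* FF 25 disp32 : jmp [rip+disp]  */
    HOOK_MOV_RAX_JMP,  /* 48 B8 imm64 ; FF E0            */
    HOOK_PUSH_RET,     /* 68 imm32 ; C3                  */
    HOOK_INT3          /* CC                             */
};

/* A user-mode EDR hooks an Nt* function by overwriting its first bytes with
 * a transfer into its own DLL; classify the prologue of one stub. */
enum hook_kind classify_prologue(const uint8_t *p, size_t n)
{
    if (n >= 5  && p[0] == 0xE9)                                return HOOK_JMP_REL32;
    if (n >= 6  && p[0] == 0xFF && p[1] == 0x25)                return HOOK_JMP_RIP_IND;
    if (n >= 12 && p[0] == 0x48 && p[1] == 0xB8 &&
                   p[10] == 0xFF && p[11] == 0xE0)              return HOOK_MOV_RAX_JMP;
    if (n >= 6  && p[0] == 0x68 && p[5] == 0xC3)                return HOOK_PUSH_RET;
    if (n >= 1  && p[0] == 0xCC)                                return HOOK_INT3;
    return HOOK_NONE;
}

/* Clean x64 stub:  4C 8B D1  mov r10,rcx  /  B8 xx xx xx xx  mov eax,SSN.
 * Returns the SSN, or -1 when the prologue is not the expected shape. */
int extract_ssn(const uint8_t *p, size_t n)
{
    if (n < 8 || p[0] != 0x4C || p[1] != 0x8B || p[2] != 0xD1 || p[3] != 0xB8)
        return -1;
    return (int)((uint32_t)p[4] | ((uint32_t)p[5] << 8) |
                 ((uint32_t)p[6] << 16) | ((uint32_t)p[7] << 24));
}

/* SSN implied by the nearest clean neighbour: walk outward from idx and
 * subtract/add the distance (relies on the ascending layout assumption). */
int neighbour_ssn(const uint8_t *base, size_t nstubs, size_t idx)
{
    for (size_t d = 1; d < nstubs; d++) {
        int nb;
        if (idx + d < nstubs &&
            (nb = extract_ssn(base + (idx + d) * STUB_STRIDE, STUB_STRIDE)) >= 0)
            return nb - (int)d;
        if (idx >= d &&
            (nb = extract_ssn(base + (idx - d) * STUB_STRIDE, STUB_STRIDE)) >= 0)
            return nb + (int)d;
    }
    return -1;   /* every stub in range is hooked: another method is needed */
}

/* Direct read when the prologue is intact, otherwise Halo's Gate recovery. */
int recover_ssn(const uint8_t *base, size_t nstubs, size_t idx)
{
    int direct = extract_ssn(base + idx * STUB_STRIDE, STUB_STRIDE);
    return direct >= 0 ? direct : neighbour_ssn(base, nstubs, idx);
}

/* "Crushing" keeps the prologue shape but swaps the number, so a direct read
 * looks clean; only the cross-check against the neighbours exposes it. */
int ssn_looks_crushed(const uint8_t *base, size_t nstubs, size_t idx)
{
    int direct = extract_ssn(base + idx * STUB_STRIDE, STUB_STRIDE);
    int nb = neighbour_ssn(base, nstubs, idx);
    return direct >= 0 && nb >= 0 && direct != nb;
}

/* Constructed clean stub, same byte sequence as a Windows 10 x64 ntdll stub. */
static void make_clean_stub(uint8_t *out, uint32_t ssn)
{
    static const uint8_t tail[] = {
        0xF6, 0x04, 0x25, 0x08, 0x03, 0xFE, 0x7F, 0x01,  /* test byte [7FFE0308h],1 */
        0x75, 0x03, 0x0F, 0x05, 0xC3,                    /* jne +3 ; syscall ; ret  */
        0xCD, 0x2E, 0xC3 };                              /* int 2Eh ; ret           */
    memset(out, 0xCC, STUB_STRIDE);                      /* int3 padding            */
    out[0] = 0x4C; out[1] = 0x8B; out[2] = 0xD1; out[3] = 0xB8;
    out[4] = ssn & 0xFF; out[5] = (ssn >> 8) & 0xFF;
    out[6] = (ssn >> 16) & 0xFF; out[7] = (ssn >> 24) & 0xFF;
    memcpy(out + 8, tail, sizeof tail);
}

/* Constructed sample: stubs with SSN 0x18..0x1B; the "EDR" has replaced the
 * prologue of the second one with jmp rel32 (the target offset is made up). */
void build_sample(uint8_t *region)   /* region holds NSTUBS * STUB_STRIDE bytes */
{
    for (size_t i = 0; i < NSTUBS; i++)
        make_clean_stub(region + i * STUB_STRIDE, 0x18 + (uint32_t)i);
    const uint8_t hook[5] = { 0xE9, 0x00, 0x10, 0x00, 0x00 };
    memcpy(region + 1 * STUB_STRIDE, hook, sizeof hook);
}

int main(void)
{
    uint8_t region[NSTUBS * STUB_STRIDE];
    build_sample(region);
    for (size_t i = 0; i < NSTUBS; i++) {
        const uint8_t *stub = region + i * STUB_STRIDE;
        printf("stub %zu: hook=%d direct=%d recovered=0x%x crushed=%d\n", i,
               classify_prologue(stub, STUB_STRIDE), extract_ssn(stub, STUB_STRIDE),
               recover_ssn(region, NSTUBS, i), ssn_looks_crushed(region, NSTUBS, i));
    }
    return 0;
}
```

Two caveats follow from the assumptions. The neighbour walk only helps while at least one nearby stub is clean; an EDR that hooks every Nt* stub, or that crushes several adjacent SSNs, defeats both `recover_ssn` and `ssn_looks_crushed`, which is why a lab like this one pairs SSN tampering with the other detections in the list rather than relying on it alone. And none of this catches a hook placed deeper than the prologue (inside the stub's `syscall` sequence or behind the IAT), so a bypass would also compare the full stub bytes against a clean copy of the DLL on disk.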

