Add: asaurusrex/EDR_Userland_Hook_Checker to Defense Evasion section

pe3zx 2021-02-10 16:32:10 +07:00
parent 3d6b5c764e
commit 2ec3e35bc1

@ -561,6 +561,10 @@ Some tools can be categorized in more than one category. But because the current
<td><a href="https://github.com/asaurusrex/DoppelGate">asaurusrex/DoppelGate</a></td>
<td>This project is designed to provide a method of extracting syscalls dynamically directly from on-disk ntdll. Userland hooks have become prevalent in many security products these days, and bypassing these hooks is a great way for red teamers/pentesters to bypass these defenses.</td>
</tr>
<tr>
<td><a href="https://github.com/asaurusrex/EDR_Userland_Hook_Checker">asaurusrex/EDR_Userland_Hook_Checker</a></td>
<td>Project to check which Nt/Zw functions your local EDR is hooking</td>
</tr>
<tr>
<td><a href="https://github.com/bats3c/Ghost-In-The-Logs">bats3c/Ghost-In-The-Logs</a></td>
<td>Evade sysmon and windows event logginEvade sysmon and windows event loggingg</td>
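Review bot: the description in the added asaurusrex/EDR_Userland_Hook_Checker row ("Project to check which Nt/Zw functions your local EDR is hooking") never says these are userland hooks, although that is in the repository name and is the term the DoppelGate row directly above uses. Suggest something like "Checks which Nt/Zw functions the local EDR hooks in userland." with a closing period to match the DoppelGate row. Placement between asaurusrex/DoppelGate and bats3c/Ghost-In-The-Logs keeps the table in alphabetical order, so no change needed there. Separately, the trailing context row for bats3c/Ghost-In-The-Logs as shown here repeats its description ("... event logginEvade sysmon ... loggingg"); if the file really contains that, it deserves a follow-up fix.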