From 2ec3e35bc14b54d8843796807c69fd9815bad822 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Wed, 10 Feb 2021 16:32:10 +0700 Subject: [PATCH] Add: asaurusrex/EDR_Userland_Hook_Checker to Defense Evasion section --- Offensive.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Offensive.md b/Offensive.md index 46b7928..6f4a0ae 100644 --- a/Offensive.md +++ b/Offensive.md @@ -561,6 +561,10 @@ Some tools can be categorized in more than one category. But because the current asaurusrex/DoppelGate This project is designed to provide a method of extracting syscalls dynamically directly from on-disk ntdll. Userland hooks have become prevalent in many security products these days, and bypassing these hooks is a great way for red teamers/pentesters to bypass these defenses. + + asaurusrex/EDR_Userland_Hook_Checker + Project to check which Nt/Zw functions your local EDR is hooking + bats3c/Ghost-In-The-Logs Evade sysmon and windows event logginEvade sysmon and windows event loggingg
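Review bot: the description on the added asaurusrex/EDR_Userland_Hook_Checker row, "Project to check which Nt/Zw functions your local EDR is hooking", has no closing period and does not say how the check is done, while the asaurusrex/DoppelGate entry directly above it uses full sentences ending in periods. Consider matching that style and stating the method in a few words if the upstream README gives one, so a reader can tell the two asaurusrex entries apart at a glance. Placement after DoppelGate and before bats3c/Ghost-In-The-Logs keeps the alphabetical order visible in the surrounding lines. Separately, the unchanged context line that follows the new row reads "Evade sysmon and windows event logginEvade sysmon and windows event loggingg", which is the same sentence pasted into itself; since this commit edits the adjacent rows, correcting it to "Evade sysmon and windows event logging" here or in a follow-up would be worthwhile.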