From ccd6bcbda5e6344e166c2bd47497384accd67072 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Tue, 7 Dec 2021 13:45:47 +0700 Subject: [PATCH] Add: wavestone-cdt/EdrSandblast to Defense Evasion section --- Offensive.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Offensive.md b/Offensive.md index db5e5b6..60b5fe3 100644 --- a/Offensive.md +++ b/Offensive.md @@ -1641,6 +1641,10 @@ Some tools can be categorized in more than one category. But because the current Wra7h/Single-Dose Generate process injection binaries + + wavestone-cdt/EdrSandblast + EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Kernel callbacks and ETW TI provider) and LSASS protections + xct/morbol Simple AV Evasion for PE Files
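Review bot: In the added description line, "weaponize" should read "weaponizes", and the project name is spelled two ways within the same entry ("EdrSandblast" in the name line, "EDRSandBlast" in the description). Use one casing in both places so a text search of the list finds the entry either way. If this table is meant to stay in alphabetical order, as the neighbouring Wra7h/Single-Dose and xct/morbol rows suggest, the new wavestone-cdt row sorts before Wra7h/Single-Dose rather than after it.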