nuts7 / edrsandblast
This project forked from wavestone-cdt/edrsandblast
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.