SensePost | Blog

Sensecon 23: from Windows drivers to an almost fully working EDR

Reading time: ~54 min

Posted by aurelien.chalot@orangecyberdefense.com on 31 January 2024

Categories: Callbacks, Driver, Edr, Hooking, Kernel, Rootkit, Shellcodes, Ssdt, Winapi, Windows, Rootkits, Shellcode

Callbacks
Driver
Edr
Hooking
Kernel
Rootkit
Shellcodes
Ssdt
Winapi
Windows
Rootkits
Shellcode

TL;DR I wanted to better understand EDR’s so I built a dummy EDR and talk about it here. EDR (Endpoint...

Reading time: ~21 min

Posted by jeanpascal.thomas@orangecyberdefense.com on 28 July 2023

Categories: Edr, Kernel, Reversing, Windows, Av bypass, Reverse engineering

For our annual internal hacker conference dubbed SenseCon in 2023, I decided to take a look at communication between a...