Reading time: ~54 min

Posted by aurelien.chalot@orangecyberdefense.com on 31 January 2024
Categories: Callbacks, Driver, Edr, Hooking, Kernel, Rootkit, Shellcodes, Ssdt, Winapi, Windows, Rootkits, Shellcode
TL;DR: I wanted to better understand EDRs, so I built a dummy EDR and talk about it here. EDR (Endpoint...