From cd0d983525029358bb65153b5222cc9f388f275b Mon Sep 17 00:00:00 2001 From: Maxime Meignan Date: Fri, 7 Jan 2022 10:02:29 +0100 Subject: [PATCH] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 43c85af..c099630 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ the original DLL on disk and the library residing in memory, that has been poten altered by an EDR. To perform this comparison, the following steps are followed by EDRSandblast: * The list of all loaded DLLs is enumerated thanks to the `InLoadOrderModuleList` located - int the `PEB` (to avoid calling any API that could be monitored and suspect) + int the `PEB` (to avoid calling any API that could be monitored and suspicious) * For each loaded DLL, its content on disk is read and its headers parsed. The corresponding library, residing in memory, is also parsed to identify sections, exports, etc.