Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-08 16:37:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
92 Commits 2 Branches 0 Tags
master
Commit Graph

20 Commits

Author SHA1 Message Date
Maxime Meignan 794dd9c254 CLI: bugfix: the output path was too small to be overwritten 2023-11-29 17:39:49 +01:00
Maxime Meignan e567c488ff [new feature] Implements EDR minifilter callbacks detection and removal 
Co-authored-by: Windy Bug <139051196+0mWindyBug@users.noreply.github.com>
 2023-11-29 14:32:35 +01:00
Maxime Meignan 4c2449cfd4 Changed the way found callbacks are stored (removed the size limit) 2023-11-29 14:25:39 +01:00
Maxime Meignan 5bfd633022 Various cosmetic changes 2023-11-29 00:03:46 +01:00
Maxime Meignan eadbeaaad0 Added directions when the vulnerable driver does not unload correctly 2023-11-03 16:23:17 +01:00
Maxime Meignan b7b17f8b51 visual studio configuration changes 2023-11-03 16:11:39 +01:00
Maxime Meignan f15471d12c DSE bypass : implemented "callback swapping" method 
The new default method for unsigned driver loading uses a KDP compatible
technique, since it does not overwrite the protected variable g_CiOptions.
Based on the work of: https://github.com/0mWindyBug/KDP-compatible-driver-loader

Co-authored-by: Windy Bug <139051196+0mWindyBug@users.noreply.github.com>
 2023-11-03 15:13:36 +01:00
Maxime Meignan 15c3b706f1 various cosmetic changes to please the code analyzer 2023-10-31 17:07:17 +01:00
Maxime Meignan aa408ced60 tweaking configuration files 2023-10-19 11:20:41 +02:00
Maxime Meignan 4d2789b21b added a PE_find_static_relative_reference function (not used yet) 
Function that can be used to find cross-references of a global variable
or a function
 2023-10-19 11:20:30 +02:00
Maxime Meignan 482ab84a11 CLI: adding a small todo regarding DSE bypass 2023-10-10 15:44:20 +02:00
Maxime Meignan c9ee91eaa8 CLI: added the correct flags for DSE bypass 2023-10-10 15:44:08 +02:00
Maxime Meignan 7590a11389 CiOptions: Simplifies the way CI.dll base address is recovered 
Instead of using the kernel R/W primitive, uses userland API to enumerate
kernel modules
 2023-10-09 16:30:36 +02:00
Maxime Meignan 0a817fea93 g_CiOptions patching: fixed a crash 2023-10-09 14:59:10 +02:00
Maxime Meignan 0b0086ea92 cosmetic changes & compiler warnings fixes 2023-10-09 14:57:49 +02:00
Maxime Meignan 43cea1f08b small cleanup in header files 2023-10-06 16:12:52 +02:00
v1k1ngfr 7be844b518 Add feature : loading unsigned driver 2023-10-06 12:48:29 +02:00
Maxime Meignan fe4ab633da Ensure retrocompatibility with Windows XP->Windows 7 
Replaced PathCch* function with Path* functions
 2022-11-15 16:05:05 +01:00
Maxime Meignan 5ac077e81f Change compilation options to fix Debug build profile 2022-11-15 16:03:46 +01:00
Qazeer 48a75a7029 D3FC0N 30 release: Obj callbacks, firewalling, symbols w/ internet, and more 
Co-authored-by: Maxime Meignan <maxime.meignan@wavestone.com>
 2022-08-13 09:23:48 -07:00