Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-08 16:37:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
72 Commits 2 Branches 0 Tags
5bfd633022d32857b5723e086fafa72e15021e31
Commit Graph

24 Commits

Author SHA1 Message Date
Maxime Meignan b1321850c1 ExtractOffsets.py: detect invalid PDB 2023-11-03 15:57:35 +01:00
Maxime Meignan 43b159e2b1 ExtractOffsets.py: handle new offsets & duplicate PEs on MS servers 2023-11-03 15:57:10 +01:00
Maxime Meignan f15471d12c DSE bypass : implemented "callback swapping" method 
The new default method for unsigned driver loading uses a KDP compatible
technique, since it does not overwrite the protected variable g_CiOptions.
Based on the work of: https://github.com/0mWindyBug/KDP-compatible-driver-loader

Co-authored-by: Windy Bug <139051196+0mWindyBug@users.noreply.github.com>
 2023-11-03 15:13:36 +01:00
Maxime Meignan 09dc67bc65 v1.0 of the pypdb parser: completely removed the radare2 dependency 2023-10-31 17:06:20 +01:00
Maxime Meignan d38b84d179 starting removing the PE parsing in ExtractOffsets.py to get rid of r2 2023-10-27 16:18:42 +02:00
v1k1ngfr 7be844b518 Add feature : loading unsigned driver 2023-10-06 12:48:29 +02:00
Maxime Meignan 9939301140 ExtractOffsets.py: added safety check in version number recovery 2023-10-06 11:46:25 +02:00
Maxime Meignan a49f69b122 ExtractOffsets.py: adds an optionnal control on number of threads 2023-10-06 11:46:25 +02:00
Maxime Meignan 5f82ba2efe ExtractOffsets.py: minor syntactic, cosmetic and safety changes 2023-10-06 10:31:26 +02:00
Maxime Meignan 75b0168045 Merge branch 'master' into g_CiOptionExtract 2023-10-06 10:24:05 +02:00
laxa a561976b5d Fix version parsing issue in offsets extractor 
Now finding version information in the nested json file to prevent some
crashes and potentially retrieving more ntoskrnl.exe files
 2023-10-05 15:11:16 +02:00
laxa 45d3ff5486 Fix concurrency issues in offsets extractor 
Fixes the following:
* The progress not showing correctly when downloading and processing files.
    I had to remove some verbose information to avoid the progress being rewritten
* Introducing locks when downloading files to prevent any race when printing
 2023-10-05 14:34:58 +02:00
Maxime Meignan bafddfbced Fixed a radare2 version parsing error in extractoffsets.py 2023-04-17 16:07:09 +02:00
Viking a3966d34b3 Update CiOffsets.csv 2022-12-28 17:08:06 +01:00
Viking 919ec7dea1 Add CiOffsets.csv 
It contains g_CiOptions offset for several ci.dll version
 2022-12-11 11:02:21 +01:00
Viking 5f2734a888 Add g_CiOptions offset extract "feature" 
Here is an example :  
ExtractOffsets.py ci -i C:\Windows\System32\ci.dll
 2022-12-06 18:13:53 +01:00
Qazeer 48a75a7029 D3FC0N 30 release: Obj callbacks, firewalling, symbols w/ internet, and more 
Co-authored-by: Maxime Meignan <maxime.meignan@wavestone.com>
 2022-08-13 09:23:48 -07:00
Qazeer 744754ae04 Fixes typos in ExtractOffsets script 2022-01-17 23:51:05 +01:00
Maxime Meignan d29986ab80 Improved error verbosity 2022-01-17 17:19:21 +01:00
Qazeer c058ff312a [Offsets] adds new ntoskrnl offsets 2022-01-07 12:29:08 +01:00
zeroNounours 10c04a9174 Rather use r2 to get file version than pefile 2021-12-08 13:55:16 +01:00
zeroNounours 82704114b3 Make ExtractOffsets.py compatible with Linux 2021-12-08 13:43:29 +01:00
Qazeer 894f58377b [Offsets] adds new ntoskrnl & wdigest offsets 2021-12-07 15:49:28 +01:00
Maxime Meignan 4bff81986b Initial commit for public version 
Co-authored-by: Thomas Diot <thomas.diot@wavestone.com>
 2021-11-08 09:54:05 +01:00