Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Cerbersec/KillDefenderBOF

Beacon Object File PoC implementation of KillDefender
https://github.com/Cerbersec/KillDefenderBOF

Last synced: 22 days ago
JSON representation

Beacon Object File PoC implementation of KillDefender

Host: GitHub
URL: https://github.com/Cerbersec/KillDefenderBOF
Owner: Cerbersec
Created: 2022-02-06T21:59:03.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2022-04-12T17:45:50.000Z (over 2 years ago)
Last Synced: 2024-08-05T17:24:43.943Z (4 months ago)
Language: C
Homepage:
Size: 101 KB
Stars: 210
Watchers: 5
Forks: 30
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - Cerbersec/KillDefenderBOF - Beacon Object File PoC implementation of KillDefender (C)

README

        # KillDefenderBOF

KillDefenderBOF is a Beacon Object File PoC implementation of [pwn1sher/KillDefender](https://github.com/pwn1sher/KillDefender) which is based on research by [Gabriel Landau](https://twitter.com/GabrielLandau). The article can be found [here](https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/).

KillDefenderBOF makes use of direct syscalls powered by [Sh0ckFR/InlineWhispers2](https://github.com/Sh0ckFR/InlineWhispers2).

> gcc -o KillDefender.o -c KillDefender.c -masm=intel

![Process Hacker](process-hacker.png)

![Beacon](beacon.png)