Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Cerbersec/KillDefenderBOF
Beacon Object File PoC implementation of KillDefender
Last synced: 22 days ago
- Host: GitHub
- URL: https://github.com/Cerbersec/KillDefenderBOF
- Owner: Cerbersec
- Created: 2022-02-06T21:59:03.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-04-12T17:45:50.000Z (over 2 years ago)
- Last Synced: 2024-08-05T17:24:43.943Z (4 months ago)
- Language: C
- Homepage:
- Size: 101 KB
- Stars: 210
- Watchers: 5
- Forks: 30
- Open Issues: 1
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Cerbersec/KillDefenderBOF - Beacon Object File PoC implementation of KillDefender (C)
README
# KillDefenderBOF
KillDefenderBOF is a Beacon Object File PoC implementation of [pwn1sher/KillDefender](https://github.com/pwn1sher/KillDefender) which is based on research by [Gabriel Landau](https://twitter.com/GabrielLandau). The article can be found [here](https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/).
KillDefenderBOF makes use of direct syscalls powered by [Sh0ckFR/InlineWhispers2](https://github.com/Sh0ckFR/InlineWhispers2).
> gcc -o KillDefender.o -c KillDefender.c -masm=intel
![Process Hacker](process-hacker.png)
![Beacon](beacon.png)