Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/Cerbersec/KillDefenderBOF

Beacon Object File PoC implementation of KillDefender


# KillDefenderBOF

KillDefenderBOF is a Beacon Object File PoC implementation of [pwn1sher/KillDefender](https://github.com/pwn1sher/KillDefender), which is based on research by [Gabriel Landau](https://twitter.com/GabrielLandau). The article can be found [here](https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/).

KillDefenderBOF makes use of direct syscalls powered by [Sh0ckFR/InlineWhispers2](https://github.com/Sh0ckFR/InlineWhispers2).

> gcc -o KillDefender.o -c KillDefender.c -masm=intel

![Process Hacker](process-hacker.png)

![Beacon](beacon.png)