Lädt...

📰 SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Met


Nachrichtenbereich: 📰 IT Security Nachrichten
🔗 Quelle: feedproxy.google.com


New and improved C# Implementation of Invoke-EDRChecker. Checks running processes, process metadata, Dlls loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools. Catches hidden EDRs as well via its metadata checks, more info in a blog post coming soon.

This binary can be loaded into your C2 server by loading the module then running it. Note: this binary is now included in PoshC2 so no need to manually add it.


I will continue to add and improve the list when time permits. A full roadmap can be found below.

Find me on twitter @PwnDexter for any issues or questions!


Install & Compile

Git clone the repo down and open the solution in Visual Studio then build the project or alternatively download the latest release from here.

git clone https://github.com/PwnDexter/SharpEDRChecker.git

Usage

Once the binary has been loaded onto your host or into your C2 of choice, you can use the following commands:

Run the binary against the local host and perform checks based on current user integrity:

.\SharpEDRChecker.exe
run-exe SharpEDRChecker.Program SharpEDRChecker

For use in PoshC2 ise the following:

sharpedrchecker

Roadmap
  • Add more EDR Products - never ending
  • Test across more Windows and .NET versions
  • Add remote host query capability
  • Port to python for unix/macos support

Example Output

Initial start down C2:

 

Processes:


Modloads in your process:


Directories:


Services:


Drivers:


 TLDR Summary:



...

🍏 Show All Open Files, Directories, Sockets, Pipes, Devices, by All Running Processes on Mac with Sloth


📈 47.32 Punkte
🍏 iOS / Mac OS

⚠️ Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 Access Bypass


📈 41.66 Punkte
⚠️ PoC

⚠️ [webapps] - Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management


📈 41.66 Punkte
⚠️ PoC

⚠️ Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 Access Bypass


📈 41.66 Punkte
⚠️ PoC

⚠️ [webapps] - Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management


📈 41.66 Punkte
⚠️ PoC

🕵️ Moxa EDR-810/EDR-G902/EDR-G903 Remote Privilege Escalation [CVE-2020-28144]


📈 41.66 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-4452 | Moxa EDR-810/EDR G902/EDR G903 URI Validator buffer overflow


📈 41.66 Punkte
🕵️ Sicherheitslücken

🔧 Tìm Hiểu Về RAG: Công Nghệ Đột Phá Đang "Làm Mưa Làm Gió" Trong Thế Giới Chatbot


📈 35.78 Punkte
🔧 Programmierung

📰 Security Firms Warn Microsoft of Signed Drivers Used to Kill EDR, AV Processes


📈 35.77 Punkte
📰 IT Security Nachrichten

🔧 Rename all files and directories in the current folder


📈 33.75 Punkte
🔧 Programmierung

🐧 nix-bundle builds portable binaries (something like appimage binaries) using the nix package manager


📈 33.18 Punkte
🐧 Linux Tipps

🐧 Command Help with "Top 10 Sub Directories w/ Largest File Total Size Excluding Further Sub Directories"


📈 33.09 Punkte
🐧 Linux Tipps

🐧 Current user groups vs current process groups.


📈 32.77 Punkte
🐧 Linux Tipps

🔧 Find all pairs such that (X, Y) such that X^2 = Y and X < Y


📈 32.6 Punkte
🔧 Programmierung

📰 Attackers Target Company Recruitment Processes With Phoney Job Applications Loaded With Quasar RAT


📈 31.56 Punkte
📰 IT Security Nachrichten

📰 James Webb Telescope Images Loaded With Malware Are Evading EDR


📈 31.43 Punkte
📰 IT Security Nachrichten

🕵️ http://www.investigation.inst.police.go.th/download/


📈 31.18 Punkte
🕵️ Hacking

🕵️ http://ceramology-inst.gov.ua/own.htm


📈 31.18 Punkte
🕵️ Hacking

📰 Node enables companies to build AI into their applications, products, and business processes


📈 29.15 Punkte
📰 IT Security Nachrichten

📰 pyrasite – Inject Code Into Running Python Processes


📈 28.9 Punkte
📰 IT Security Nachrichten

matomo