🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security

800+ IT News als RSS Feed abonnieren

Thema auswählen:

📚 SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Met

🕛 Zeit seit Veröffentlichung: 1173 Tage, 5 Stunden 7 Minuten
📆 Veröffentlicht am: 27.01.2021 um 21:30 Uhr
💡 Newskategorie: IT Security Nachrichten
🔗 Quelle: feedproxy.google.com

New and improved C# Implementation of Invoke-EDRChecker. Checks running processes, process metadata, Dlls loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools. Catches hidden EDRs as well via its metadata checks, more info in a blog post coming soon.

This binary can be loaded into your C2 server by loading the module then running it. Note: this binary is now included in PoshC2 so no need to manually add it.

I will continue to add and improve the list when time permits. A full roadmap can be found below.

Find me on twitter @PwnDexter for any issues or questions!

Install & Compile

Git clone the repo down and open the solution in Visual Studio then build the project or alternatively download the latest release from here.

git clone https://github.com/PwnDexter/SharpEDRChecker.git

Usage

Once the binary has been loaded onto your host or into your C2 of choice, you can use the following commands:

Run the binary against the local host and perform checks based on current user integrity:

.\SharpEDRChecker.exe
run-exe SharpEDRChecker.Program SharpEDRChecker

For use in PoshC2 ise the following:

sharpedrchecker

Roadmap

Add more EDR Products - never ending
Test across more Windows and .NET versions
Add remote host query capability
Port to python for unix/macos support

Example Output

Initial start down C2:

Processes:

Modloads in your process:

Directories:

Services:

Drivers:

TLDR Summary:

Download SharpEDRChecker

...

Sharing is caring on Social Media

Join the Team IT Security Community

📌 The American Law distinguishes between passwords and others means of logging on to your computer, such as fingerprints and retina scans. Because the former is a product of your mental processes, the law prohibits investigators to force you disclose t

🕛 1691 Tage, 19 Stunden 5 Minuten
📆 22.07.2019 um 12:07 Uhr
📈 49.79 Punkte

📌 Show All Open Files, Directories, Sockets, Pipes, Devices, by All Running Processes on Mac with Sloth

🕛 419 Tage, 8 Stunden 21 Minuten
📆 20.02.2023 um 17:52 Uhr
📈 48.03 Punkte

📌 when logging into google on UBUBTU for the first time, I have two options: 1) Incorporate all my Google services into this laptop and allow gnome to PERMANENTLY DELETE ALL OF MY EMAIL FROM GMAIL (WTF?!) ; or 2) No google services will be accessible o

🕛 1693 Tage, 0 Stunden 5 Minuten
📆 26.08.2019 um 02:55 Uhr
📈 46.47 Punkte

📌 google thought it was a such a great idea to start logging you into everything when you logged into something… that it forgot to ask.

🕛 2025 Tage, 6 Stunden 7 Minuten
📆 28.09.2018 um 19:21 Uhr
📈 39.77 Punkte

📌 Security Firms Warn Microsoft of Signed Drivers Used to Kill EDR, AV Processes

🕛 487 Tage, 10 Stunden 36 Minuten
📆 14.12.2022 um 14:26 Uhr
📈 36.55 Punkte

📌 Kernel Mode Linux: Execute user processes in kernel mode (TL:DR: User Mode Linux let us run the Linux kernel as a user process. Kernel Mode Linux lets us run user processes in the kernel)

🕛 1328 Tage, 13 Stunden 7 Minuten
📆 25.08.2020 um 13:18 Uhr
📈 36.23 Punkte

📌 It has been possible to get qemu user mode emulation static binaries on non root android just by unpacking a debian package; binaries just work...

🕛 2051 Tage, 12 Stunden 36 Minuten
📆 02.09.2018 um 12:47 Uhr
📈 33.39 Punkte

📌 nix-bundle builds portable binaries (something like appimage binaries) using the nix package manager

🕛 1316 Tage, 6 Stunden 7 Minuten
📆 06.09.2020 um 19:36 Uhr
📈 33.39 Punkte

📌 Current user groups vs current process groups.

🕛 1059 Tage, 6 Stunden 22 Minuten
📆 21.05.2021 um 19:47 Uhr
📈 33.33 Punkte

📌 KDE Plasma's System Monitor gets a facelift and a new backend, letting you keep track of all your machine's resources, such as how much space you have left on your hard disks, the load on your CPU and the applications slowing down your system

🕛 1258 Tage, 8 Stunden 7 Minuten
📆 03.11.2020 um 18:07 Uhr
📈 33.3 Punkte

📌 Command Help with "Top 10 Sub Directories w/ Largest File Total Size Excluding Further Sub Directories"

🕛 48 Tage, 4 Stunden 21 Minuten
📆 26.02.2024 um 22:10 Uhr
📈 33.15 Punkte

📌 Find all pairs such that (X, Y) such that X^2 = Y and X < Y

🕛 377 Tage, 20 Stunden 47 Minuten
📆 03.04.2023 um 05:29 Uhr
📈 33 Punkte

📌 OpenMandriva: combines WINE64 and 32 into one package capable of running both binaries, i686 architecture was considered as deprecated. Work is underway on a new Rolling release

🕛 1366 Tage, 10 Stunden 52 Minuten
📆 18.07.2020 um 15:02 Uhr
📈 32.46 Punkte

📌 Sandfly-Entropyscan - Tool To Detect Packed Or Encrypt ed Binaries Related To Malware, Finds Malicious Files And Linux Processes And Gives Output With Cryptographic Hashes

🕛 431 Tage, 21 Stunden 57 Minuten
📆 07.02.2023 um 00:00 Uhr
📈 32.22 Punkte

📌 Attackers Target Company Recruitment Processes With Phoney Job Applications Loaded With Quasar RAT

🕛 1691 Tage, 19 Stunden 5 Minuten
📆 27.08.2019 um 23:15 Uhr
📈 32.12 Punkte

📌 James Webb Telescope Images Loaded With Malware Are Evading EDR

🕛 592 Tage, 6 Stunden 4 Minuten
📆 31.08.2022 um 20:00 Uhr
📈 31.96 Punkte

📌 Bugtraq: Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking

🕛 2826 Tage, 3 Stunden 16 Minuten
📆 19.07.2016 um 23:20 Uhr
📈 31.29 Punkte

📌 Bugtraq: Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking

🕛 2826 Tage, 3 Stunden 16 Minuten
📆 19.07.2016 um 23:20 Uhr
📈 31.29 Punkte

📌 can anyone tell , while I am using Pycharm why so many python process are running, like as pycharm itself takes approx 1.5 gb memory(as you can see by process named java) , but right now , due to multiple python process my memory usage is 7.3gb .

🕛 1506 Tage, 13 Stunden 37 Minuten
📆 29.02.2020 um 12:53 Uhr
📈 30.95 Punkte

📌 http://www.investigation.inst.police.go.th/download/

🕛 2299 Tage, 4 Stunden 6 Minuten
📆 16.08.2017 um 18:35 Uhr
📈 30.75 Punkte

📌 http://ceramology-inst.gov.ua/own.htm

🕛 991 Tage, 1 Stunden 36 Minuten
📆 29.07.2021 um 00:02 Uhr
📈 30.75 Punkte

📌 I made a CLI tool that searches shell history by commands and directories. It prioritizes commands from the current directory (blue highlight).

🕛 1545 Tage, 1 Stunden 7 Minuten
📆 22.01.2020 um 00:17 Uhr
📈 30.11 Punkte

📌 chrome users are now automatically signed into the browser if they're signed into any other google service, such as gmail.

🕛 2029 Tage, 6 Stunden 6 Minuten
📆 24.09.2018 um 19:21 Uhr
📈 29.48 Punkte