ThunderStrike EDR

Name: ThunderStrikeEDR
Author: d5fa4lt

ThunderStrikeEDR Logo

Introduction

I create this project to Learn Edr Internals and Windows kernel Programming.

🚀 Features

It only has one feature right now which is inject a Hook DLL into each process using KAPC.

I will add More Features in the future.

⚠️ Caution

This project is under development, so please use it with caution. It is recommended to run it inside a virtual machine to avoid any risks to your main system.

📝 To-Do

Implement a memory scanner.
Integrate basic logging and alerting system.
Integrate ETW / ETW-TI

📚 Resources

Evading EDR Book (By Matt Hand).
SensePost – From Windows Drivers to an Almost Fully Working EDR (2024)
SensePost – mydumbEDR (GitHub)
iRed Team – Subscribing to Process Creation, Thread Creation, and Image Load Notifications from a Kernel Driver
Experimenting with Protected Processes and Threat-Intelligence
Xacone – BestEDROfTheMarket
EDR Development Playlist
- vEDR Project

ThunderStrikeEDR

Table of Contents

README.md

ThunderStrike EDR

Introduction

🚀 Features

⚠️ Caution

📝 To-Do

📚 Resources

Tool Information

Tool Details

ThunderStrikeEDR

Author

GitHub Statistics

Stars

Forks

Issues

Tool Information

Author

Project Added On

License

Tags