EDR-Test

Added a few checks based on BOF.NET (SeatBelt, Rubeus, SharPersis…

Open m-nigma opened this issue 3 years ago • 1 comments

Hi @TH3xACE,

I've created a few checks for your framework based on a few publicly available tools.

The following tools need to be imported into the Cobalt Strike client in order to perform some of the checks:

  1. BOF.NET fork
  2. chromiumkeydump BOF
  3. Nanodump BOF

The following projects need to be compiled and binaries should be placed next to the "edr-tests.cna" file within the "checks" directory:

  1. Rubeus
  2. SharPersist
  3. SeatBelt

If you encounter any issues please let me know. You can contact me via Twitter @mnigma.

m-nigma, Jun 22 '22 12:06

I don't think it works.

sec13b, Feb 24 '24 23:02