[File attributes]:
File name: RedTeamCCode: Red Team C Code Repository
File size: 544KB
File format: ZIP
Updated: 2021-03-04 03:43:23
C
RedTeamCCode
Red Team C Code Repository
CrowdStrike has hooked the ntdll.dll API
C:\Users\dev\Desktop>hook_finder_64.exe C:\Windows\System32\ntdll.dll
Loading C:\Windows\System32\ntdll.dll
------------------------------------------
BASE 0x00007FFAE0030000 MZÉ
PE 0x00007FFAE00300E8 PE
ExportTableOffset 0x00007FFAE01812A0
OffsetNameTable 0x00007FFAE01838C0
Function
[File preview]:
RedTeamCCode-main
----PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON.c(2KB)
----crowdstrike_hook_finder_64.c(2KB)
----all_dlls_crowdstrike_hooks_output.txt(650KB)
----SharpUnHooking.cs(2KB)
----simple_encoder.c(687B)
----minidump_crowdstrike_bypass64.c(5KB)
----minidump-edr-bypass-generic64.c(2KB)
----unhook_crowdstrike_64.c(3KB)
----byebyedll.c(5KB)
----shellcode_runner.c(1KB)
----unhook_sentinelone_64.c(989B)
----sentinelone_hook_finder_64.c(2KB)
----README.md(6KB)
----dump_dlls_export_64.c(1KB)
----byebyedll-debug-poc.exe(62KB)
----system32_dlls_export_list.txt(2.96MB)