edr-internals

by outflanknl · AI Tool · ★ 278

About edr-internals

EDR Internals Tools for analyzing EDR agents. For details, see our blog post. ESDump - macOS Endpoint Security client that dumps events to NEDump - macOS content filter provider that dumps socket flow data to attacks/phantomv1 - A collection of POCs that bypass different Linux syscalls using the Phantom V1 TOCTOU vulnerability dumpebpf.sh - Linux eBPF program and map enumeration script hook.py - Frida loader with scripts for inspecting key macOS monitoring functions Usage ESDump and NEDump can be compiled on macOS using CMakeLists.txt or you can download a precompiled release.

Quick Facts

Stars278
Forks27
LanguageC++
CategoryAI Tool
LicenseGPL-3.0
Quality Score55.1094472693597/100
Last Updated2024-06-10
Created2024-06-03
Est. Tokens~3k

More AI Tool Tools

Explore other popular ai tool tools:

View all AI Tool tools →

Popular C++ Agent Tools

Frequently Asked Questions

What is edr-internals?

edr-internals is Tools for analyzing EDR agents. It is categorized as a AI Tool with 278 GitHub stars.

What programming language is edr-internals written in?

edr-internals is primarily written in C++.

How do I install or use edr-internals?

You can find installation instructions and usage details in the edr-internals GitHub repository at github.com/outflanknl/edr-internals. The project has 278 stars and 27 forks, indicating an active community.

What license does edr-internals use?

edr-internals is released under the GPL-3.0 license, making it free to use and modify according to the license terms.

View on GitHub → Browse AI Tool tools