by outflanknl · AI Tool · ★ 278
EDR Internals Tools for analyzing EDR agents. For details, see our blog post. ESDump - macOS Endpoint Security client that dumps events to NEDump - macOS content filter provider that dumps socket flow data to attacks/phantomv1 - A collection of POCs that bypass different Linux syscalls using the Phantom V1 TOCTOU vulnerability dumpebpf.sh - Linux eBPF program and map enumeration script hook.py - Frida loader with scripts for inspecting key macOS monitoring functions Usage ESDump and NEDump can be compiled on macOS using CMakeLists.txt or you can download a precompiled release.
| Stars | 278 |
| Forks | 27 |
| Language | C++ |
| Category | AI Tool |
| License | GPL-3.0 |
| Quality Score | 55.1094472693597/100 |
| Last Updated | 2024-06-10 |
| Created | 2024-06-03 |
| Est. Tokens | ~3k |
Explore other popular ai tool tools:
edr-internals is Tools for analyzing EDR agents. It is categorized as a AI Tool with 278 GitHub stars.
edr-internals is primarily written in C++.
You can find installation instructions and usage details in the edr-internals GitHub repository at github.com/outflanknl/edr-internals. The project has 278 stars and 27 forks, indicating an active community.
edr-internals is released under the GPL-3.0 license, making it free to use and modify according to the license terms.