Skip to content

ThottySploity/echoac-edr-poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
src
src
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Echo Anticheat exploit disabling Antivirus and Endpoint Detection and Response (EDR)

Write-up of the exploit can be found here: https://thottysploity.github.io/posts/echohno/

Disabling Antivirus and EDR through the use of EchoDrv

This proof-of-concept, partically, disables EDR and AV through patching the kernel notify routines of PspCreateProcessNotifyRoutine, PspCreateThreadNotifyRoutine and PspLoadImageNotifyRoutine. Aswell as disabling ETW (Event Tracing Windows) for the Windows Threat Provider commonly used by AV/EDR.

Disclaimer

I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.

About

Outsmarting Antivirus [Echo AC Edition]

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages