Building an EDR From Scratch Part 4 - Kernel Driver (Endpoint Detection and Response)


Evasion Games: https://evasiongames.org

Welcome to part 4 of the Building an EDR From Scratch series! In this series we're going to work through the different components of an EDR, building them one by one.

This video focuses on building out the first pieces of our kernel driver. We create callback functions, register a callback with the kernel, and build a system for injecting our DLL into processes on the system using the KAPC injection method linked below.

Let me know your thoughts and thank you for taking the time to watch the series!!

Don't forget to check out https://evasiongames.org if you're hyped on trying to evade EDR yourself!


Here is a link to the project in this video: https://github.com/ytincodenito/vEDR

Setting up a virtual environment for kernel driver development/debugging: https://github.com/xalicex/kernel-deb...

Here is the original implementation of the KAPC injection method used in this video: https://github.com/alexvogt91/Kernel-...

Here is a more descriptive version of the same: https://github.com/0xOvid/RootkitDiaries

GitHub: https://github.com/ytincodenito
Discord: /discord
