EDRHunt scans Windows services, drivers, processes and the registry to find installed EDR (Endpoint Detection and Response) products.

Install:

<code class="javascript">go install github.com/FourCoreLabs/EDRHunt/cmd/EDRHunt@master</code>

Usage

Find installed EDR:

<code class="javascript">$ .\EDRHunt.exe scan
[EDR]
Detected EDR: Windows Defender
Detected EDR: Kaspersky Security</code>
Scan everything (processes, services, drivers and registry):

<code class="javascript">$ .\EDRHunt.exe all
Running in user mode, escalate to admin for more details.
Scanning processes, services, drivers, and registry...
[PROCESSES]
Suspicious Process Name: MsMpEng.exe
Description: MsMpEng.exe
Caption: MsMpEng.exe
Binary:
ProcessID: 6764
Parent Process: 1148
Process CmdLine :
File Metadata:
Matched Keyword: [msmpeng]

Suspicious Process Name: NisSrv.exe
Description: NisSrv.exe
Caption: NisSrv.exe
Binary:
ProcessID: 9840
Parent Process: 1148
Process CmdLine :
File Metadata:
Matched Keyword: [nissrv]
...</code>
Example [DRIVERS] section of the output (the tool's ASCII-art banner is omitted here):

<code class="javascript">FourCore Labs (https://fourcore.vision) | Version: 1.1
Running in user mode, escalate to admin for more details.
[DRIVERS]
Suspicious Driver Module: WdFilter.sys
Driver FilePath: c:\windows\system32\drivers\wd\wdfilter.sys
Driver File Metadata:
 ProductName: Microsoft® Windows® Operating System
 OriginalFileName: WdFilter.sys
 InternalFileName: WdFilter
 Company Name: Microsoft Corporation
 FileDescription: Microsoft antimalware file system filter driver
 ProductVersion: 4.18.2109.6
 Comments:
 LegalCopyright: © Microsoft Corporation. All rights reserved.
 LegalTrademarks:
Matched Keyword: [antimalware malware]

Suspicious Driver Module: hvsifltr.sys
Driver FilePath: c:\windows\system32\drivers\hvsifltr.sys
Driver File Metadata:
 ProductName: Microsoft® Windows® Operating System
 OriginalFileName: hvsifltr.sys.mui
 InternalFileName: hvsifltr.sys
 Company Name: Microsoft Corporation
 FileDescription: Microsoft Defender Application Guard Filter Driver
 ProductVersion: 10.0.19041.1
 Comments:
 LegalCopyright: © Microsoft Corporation. All rights reserved.
 LegalTrademarks:
Matched Keyword: [defender]

Suspicious Driver Module: WdNisDrv.sys
Driver FilePath: c:\windows\system32\drivers\wd\wdnisdrv.sys
Driver File Metadata:
 ProductName: Microsoft® Windows® Operating System
 OriginalFileName: wdnisdrv.sys
 InternalFileName: wdnisdrv.sys
 Company Name: Microsoft Corporation
 FileDescription: Windows Defender Network Stream Filter
 ProductVersion: 4.18.2109.6
 Comments:
 LegalCopyright: © Microsoft Corporation. All rights reserved.
 LegalTrademarks:
Matched Keyword: [defender]
...</code>
Scan services only:

<code class="javascript">$ .\EDRHunt.exe -s</code>

Scan drivers only:

<code class="javascript">$ .\EDRHunt.exe -d</code>

Scan the registry only:

<code class="javascript">$ .\EDRHunt.exe -r</code>
EDR detections currently available:

Windows Defender
Kaspersky Security
Symantec Security
CrowdStrike Security
McAfee Security
Cylance Security
Carbon Black
SentinelOne
FireEye

Project page: https://github.com/FourCoreLabs/EDRHunt
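To make the "Matched Keyword" lines in the output above concrete, here is an added example (not EDRHunt's own code) of the keyword-over-metadata matching a tool like this performs: each scanned item is reduced to its name, description and path, every product's keyword list is applied as a case-insensitive substring match, and the products with at least one hit become the "Detected EDR" list. The Windows Defender keywords are the ones visible in the page's output; the Kaspersky keyword and the Artifact type are assumptions for this example.

```go
package main

import (
	"sort"
	"strings"
)

// Artifact is one scanned item (process, service, driver or registry
// entry) reduced to the text fields that keyword matching runs over.
type Artifact struct{ Name, Description, Path string }

// edrKeywords maps a product to lower-case substrings that identify it.
// The Windows Defender keywords are those visible in this page's output;
// the Kaspersky entry is an assumed placeholder, not EDRHunt's real list.
var edrKeywords = map[string][]string{
	"Windows Defender":   {"msmpeng", "nissrv", "defender", "antimalware", "malware"},
	"Kaspersky Security": {"kaspersky"}, // assumed
}

// matchProducts returns, per product, the keywords found in the artifact's
// name, description or path. Matching is by substring, so "antimalware"
// also yields "malware", as the WdFilter.sys entry above reports.
func matchProducts(a Artifact) map[string][]string {
	text := strings.ToLower(a.Name + " " + a.Description + " " + a.Path)
	hits := map[string][]string{}
	for product, kws := range edrKeywords {
		for _, kw := range kws {
			if strings.Contains(text, kw) {
				hits[product] = append(hits[product], kw)
			}
		}
	}
	return hits
}

// detectedEDR unions the products hit by any artifact into a sorted list,
// the set the `scan` command prints as "Detected EDR: ...".
func detectedEDR(artifacts []Artifact) []string {
	seen, found := map[string]bool{}, []string{}
	for _, a := range artifacts {
		for product := range matchProducts(a) {
			if !seen[product] {
				seen[product] = true
				found = append(found, product)
			}
		}
	}
	sort.Strings(found)
	return found
}
```

Because the match is a plain substring test, a benign binary whose description happens to contain a keyword is reported too, which is why the tool labels hits "Suspicious" rather than confirmed.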