$ .\EDRHunt.exe scan[EDR]Detected EDR: Windows DefenderDetected EDR: Kaspersky Security

$ .\EDRHunt.exe allRunning in user mode, escalate to admin for more details.Scanning processes, services, drivers, and registry...[PROCESSES]
Suspicious Process Name: MsMpEng.exeDescription: MsMpEng.exeCaption: MsMpEng.exeBinary:ProcessID: 6764Parent Process: 1148Process CmdLine :File Metadata:Matched Keyword: [msmpeng]

Suspicious Process Name: NisSrv.exeDescription: NisSrv.exeCaption: NisSrv.exeBinary:ProcessID: 9840Parent Process: 1148Process CmdLine :File Metadata:Matched Keyword: [nissrv]...

    __________  ____     __  ____  ___   ________   / ____/ __ \/ __ \   / / / / / / / | / /_  __/  / __/ / / / / /_/ /  / /_/ / / / /  |/ / / / / /___/ /_/ / _, _/  / __  / /_/ / /|  / / //_____/_____/_/ |_|  /_/ /_/\____/_/ |_/ /_/
FourCore Labs (https://fourcore.vision) | Version: 1.1
Running in user mode, escalate to admin for more details.[DRIVERS]Suspicious Driver Module: WdFilter.sysDriver FilePath: c:\windows\system32\drivers\wd\wdfilter.sysDriver File Metadata:        ProductName: Microsoft® Windows® Operating System        OriginalFileName: WdFilter.sys        InternalFileName: WdFilter        Company Name: Microsoft Corporation        FileDescription: Microsoft antimalware file system filter driver        ProductVersion: 4.18.2109.6        Comments:        LegalCopyright: © Microsoft Corporation. All rights reserved.        LegalTrademarks:Matched Keyword: [antimalware malware]
Suspicious Driver Module: hvsifltr.sysDriver FilePath: c:\windows\system32\drivers\hvsifltr.sysDriver File Metadata:        ProductName: Microsoft® Windows® Operating System        OriginalFileName: hvsifltr.sys.mui        InternalFileName: hvsifltr.sys        Company Name: Microsoft Corporation        FileDescription: Microsoft Defender Application Guard Filter Driver        ProductVersion: 10.0.19041.1        Comments:        LegalCopyright: © Microsoft Corporation. All rights reserved.        LegalTrademarks:Matched Keyword: [defender]
Suspicious Driver Module: WdNisDrv.sysDriver FilePath: c:\windows\system32\drivers\wd\wdnisdrv.sysDriver File Metadata:        ProductName: Microsoft® Windows® Operating System        OriginalFileName: wdnisdrv.sys        InternalFileName: wdnisdrv.sys        Company Name: Microsoft Corporation        FileDescription: Windows Defender Network Stream Filter        ProductVersion: 4.18.2109.6        Comments:        LegalCopyright: © Microsoft Corporation. All rights reserved.        LegalTrademarks:Matched Keyword: [defender]...

$ .\EDRHunt.exe -s

$ .\EDRHunt.exe -d

$ .\EDRHunt.exe -r

推荐阅读

实战|记一次奇妙的文件上传getshell

「 超详细 | 分享 」手把手教你如何进行内网渗透

神兵利器 | siusiu-渗透工具管理套件

一款功能全面的XSS扫描器

实战 | 一次利用哥斯拉马绕过宝塔waf

BurpCrypto: 万能网站密码爆破测试工具

快速筛选真实IP并整理为C段 -- 棱眼

自动探测端口顺便爆破工具t14m4t

渗透工具｜无状态子域名爆破工具（1秒扫160万个子域）