A lot are still usermode hooks. Some are mixed. For example, CarbonBlack has some kernel level drivers for file and network detections, but its prevention policies all operate as usermode hooks.
https://github.com/Mr-Un1k0d3r/EDRs
Tyler Burns
npub1d3…xynp3
2024-07-19 15:19:28
in reply to nevent1q…93rd
Author Public Key
npub1d30mhvhd0sagmu83wdm26wqk00heptfn05xvgmfx7r9xscstnfcs7xynp3Published at
2024-07-19 15:19:28Event JSON
{
"id": "5cf3540ef4d42d3bf090e12fe76fd6f4d48f3a584234ac272e13b5cae1022677",
"pubkey": "6c5fbbb2ed7c3a8df0f17376ad38167bef90ad337d0cc46d26f0ca68620b9a71",
"created_at": 1721402368,
"kind": 1,
"tags": [
[
"e",
"c11e6270f33a491371323e34ca146b2216ac289b1a385b06e1c5e999795ef08d",
"",
"root"
],
[
"e",
"44e64f237248fc57af7392ead5877262766eaa9a7100c9d0e0d0b807984631bd"
],
[
"e",
"bae725cfee932a9016a58dbeece41f4fb53d9f5fe3adfb3f2411b88ba69982d5",
"",
"reply"
],
[
"p",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
],
[
"p",
"7ca66d4166b16f54a16868191ba1c6386a976624f4634f3896d9b6740a388ca3"
],
[
"p",
"3c07d68edf71f6d22374dffae054e6801468594e7b0d0625fb5bcd24b202264d"
],
[
"p",
"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
],
[
"p",
"6c5fbbb2ed7c3a8df0f17376ad38167bef90ad337d0cc46d26f0ca68620b9a71"
],
[
"p",
"1f830dd875130b134fbf3f27a69eecd8613a499748a71b5a271a719febae14ed"
],
[
"r",
"https://github.com/Mr-Un1k0d3r/EDRs"
]
],
"content": "A lot are still usermode hooks. Some are mixed. For example, CarbonBlack has some kernel level drivers for file and network detections, but its prevention policies all operate as usermode hooks.\n\nhttps://github.com/Mr-Un1k0d3r/EDRs",
"sig": "a8b7ceba358908295700a94c11204bd08682d31468c2adf19e364880aeddd1945697cf8edacb406a9a08b82bccd3fd0bc74947b7b9baaa1fcb17fcc8fb5851f2"
}