STFUEDR
Silence EDRs by removing kernel callbacks
Install / Use
/learn @lawiet47/STFUEDRREADME
STFUEDR
Silence EDRs by removing kernel callbacks
A lot of modern AV/EDR technologies monitor process/thread creation events by registering PspSetXXXXNotifyRoutine callback. This code checks for popular EDR/AV driver names and removes them from PspSetXXXXNotifyRoutine callback array. To do so the code checks for a byte pattern that occurs before jmp PspSetXXXXNotifyRoutine instructions. The byte pattern differs among windows versions, so this code aims to cover all of them.
Everything is already greatly explained
here: https://www.redcursor.com.au/blog/bypassing-lsa-protection-aka-protected-process-light-without-mimikatz-on-windows-10 and
here: https://www.youtube.com/watch?v=85H4RvPGIX4
The original exploit code: https://br-sn.github.io/Removing-Kernel-Callbacks-Using-Signed-Drivers/
Related Skills
node-connect
347.9kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
108.7kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
347.9kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
347.9kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
