SYMBOL INDEX (80 symbols across 20 files) FILE: 2-custom-edr-evasion/1-Custom-BYOD/decode-that-lsass.cpp function main (line 7) | int main() { FILE: 2-custom-edr-evasion/1-Custom-BYOD/driver-dumper/headers/driver_interface.h type PHYSICAL_MEMORY_RW (line 6) | typedef struct _PHYSICAL_MEMORY_RW { FILE: 2-custom-edr-evasion/1-Custom-BYOD/driver-dumper/main.cpp function WriteLog (line 26) | void WriteLog(const std::string& msg) { function HANDLE (line 33) | HANDLE OpenDriver() { function LoadDriver (line 38) | bool LoadDriver(const std::wstring& driverName, const std::wstring& driv... function ReadPhys (line 92) | bool ReadPhys(HANDLE h, uint64_t pa, void* out, size_t sz) { function TranslateVAtoPA (line 105) | bool TranslateVAtoPA(HANDLE h, uint64_t cr3, uint64_t va, uint64_t& outP... function ReadVA (line 140) | bool ReadVA(HANDLE h, uint64_t cr3, uint64_t va, void* out, size_t sz) { function FindEP (line 147) | bool FindEP(HANDLE h, uint64_t cr3, uint64_t listVA, const std::string& ... function StealHandle (line 169) | bool StealHandle(HANDLE h, uint64_t cr3, uint64_t systemEP, uint64_t lsa... function DumpLSASS (line 187) | bool DumpLSASS(HANDLE stolen) { function main (line 209) | int main() { FILE: 2-custom-edr-evasion/1-Custom-BYOD/driver-dumper/offset-calc/headers/logging.h function WriteLog (line 6) | inline void WriteLog(const std::string& message) { FILE: 2-custom-edr-evasion/1-Custom-BYOD/driver-dumper/offset-calc/offset-calc.cpp function ToHexString (line 12) | std::string ToHexString(uint64_t value) { function GetKernelBase (line 19) | uintptr_t GetKernelBase() { function DWORD (line 30) | DWORD GetWindowsBuildNumber() { function main (line 39) | int main() { FILE: 2-custom-edr-evasion/1-Custom-BYOD/driver_interface.h type PHYSICAL_MEMORY_RW (line 10) | typedef struct _PHYSICAL_MEMORY_RW { FILE: 2-custom-edr-evasion/1-Custom-BYOD/driver_loader.cpp function WriteLog (line 8) | void WriteLog(const std::string& msg) { function LoadDriver (line 14) | bool LoadDriver(const std::wstring& driverName, const std::wstring& driv... function main (line 76) | int main() { FILE: 2-custom-edr-evasion/1-Custom-BYOD/dump-that-lsass.cpp function Log (line 14) | void Log(const std::string& msg) { function DWORD (line 21) | DWORD FindLSASSPid() { function EnableDebugPrivilege (line 40) | bool EnableDebugPrivilege() { function DumpAndEncodeMemory (line 58) | void DumpAndEncodeMemory(HANDLE hProc, std::ofstream& outFile) { function main (line 83) | int main() { FILE: 2-custom-edr-evasion/1-Custom-BYOD/nikito/dump-that-lsass-nikito.cpp function BOOL (line 24) | BOOL CALLBACK MiniDumpCallback( function DWORD (line 86) | DWORD FindLsassPid() { function EnableSeDebugPrivilege (line 108) | bool EnableSeDebugPrivilege() { function DumpLsassToMemoryBuffer (line 131) | bool DumpLsassToMemoryBuffer(std::vector& outputBuffer) { function main (line 315) | int main() { FILE: 2-custom-edr-evasion/1-Custom-BYOD/system-that-lsass.cpp function WriteLog (line 7) | void WriteLog(const std::string& message) { function main (line 13) | int main() { FILE: 2-custom-edr-evasion/2-Custom-API/c++/detect-att.cpp function IsSuspiciousModule (line 27) | static bool IsSuspiciousModule(const std::string& modName) { function IsBackedByFileRemote (line 35) | static bool IsBackedByFileRemote(HANDLE hProc, void* baseAddr) { function ReadRemoteUnicodeString (line 51) | static bool ReadRemoteUnicodeString(HANDLE hProc, const UNICODE_STRING& ... function RemotePEBWalk (line 66) | static void RemotePEBWalk(DWORD pid) { function BatchScanAllProcesses (line 149) | static void BatchScanAllProcesses() { function main (line 181) | int main(int argc, char* argv[]) { FILE: 2-custom-edr-evasion/2-Custom-API/c++/detect-hooks-dlls.cpp function IsSuspiciousModule (line 18) | bool IsSuspiciousModule(const std::string& modName) { function ListModules (line 26) | void ListModules(DWORD pid) { function CheckInlineHook (line 53) | bool CheckInlineHook(LPCSTR dll, LPCSTR function) { function CompareFuncBytes (line 75) | bool CompareFuncBytes(LPCSTR dll, LPCSTR func) { function main (line 110) | int main() { FILE: 2-custom-edr-evasion/2-Custom-API/c++/unhooker.cpp function ComparePEHeaders (line 15) | static bool ComparePEHeaders(BYTE* loadedBase, BYTE* diskBase) { function DumpHookTarget (line 32) | static void DumpHookTarget(void* addr) { function RestoreFunctionFromDisk (line 90) | static bool RestoreFunctionFromDisk(const char* dllName, const char* fun... function main (line 199) | int main() { FILE: 2-custom-edr-evasion/2-Custom-API/c++/unload-dlls.cpp function iequals_ascii (line 33) | static bool iequals_ascii(const std::string& a, const std::string& b) { function tolower_ascii (line 43) | static std::string tolower_ascii(std::string s) { function EnablePrivilege (line 48) | static bool EnablePrivilege(LPCWSTR name) { function IsFileBackedModule (line 60) | static bool IsFileBackedModule(HANDLE hProc, HMODULE mod) { function HMODULE (line 69) | static HMODULE FindRemoteKernel32(HANDLE hProc) { function LPTHREAD_START_ROUTINE (line 85) | static LPTHREAD_START_ROUTINE ResolveRemoteFreeLibrary(HANDLE hProc) { function ShouldTargetModule (line 102) | static bool ShouldTargetModule(const std::string& pathLower, const std::... function UnloadMatchesInProcess (line 112) | static void UnloadMatchesInProcess(DWORD pid, const std::string& filterL... function Usage (line 152) | static void Usage() { function wmain (line 160) | int wmain(int argc, wchar_t* argv[]) { FILE: 2-custom-edr-evasion/2-Custom-API/golang/catwatch.go function main (line 26) | func main() { function launchCLIMenu (line 37) | func launchCLIMenu() { function launchDashboard (line 73) | func launchDashboard() { function runRouteWatch (line 100) | func runRouteWatch() { function runDropWatch (line 115) | func runDropWatch() { function runFileWatch (line 135) | func runFileWatch(reader *bufio.Reader) { function runServiceKill (line 167) | func runServiceKill(reader *bufio.Reader) { function runWireWatch (line 188) | func runWireWatch() { function findTargetIPs (line 231) | func findTargetIPs() []string { FILE: 2-custom-edr-evasion/2-Custom-API/golang/disable-service.go function main (line 8) | func main() { function stopService (line 19) | func stopService(name string) error { FILE: 2-custom-edr-evasion/2-Custom-API/golang/file-stomp.go function main (line 22) | func main() { FILE: 2-custom-edr-evasion/2-Custom-API/golang/firewall-rule.go function main (line 11) | func main() { function addDropRule (line 49) | func addDropRule(ip string) { FILE: 2-custom-edr-evasion/2-Custom-API/golang/re-route.go constant defaultGateway (line 13) | defaultGateway = "127.0.0.1" constant metric (line 14) | metric = "1" function main (line 17) | func main() { function addRoute (line 61) | func addRoute(ip string) { FILE: 2-custom-edr-evasion/2-Custom-API/golang/snuff-traffic.go function main (line 24) | func main() { function findTargetIPs (line 46) | func findTargetIPs() []string { function startPacketDrop (line 77) | func startPacketDrop(ipList []string) error { function selfRemoveDriver (line 109) | func selfRemoveDriver() error {