gmh5225
/
AntiKernelDebug-POC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9e6d197ebe'
${ noResults }
AntiKernelDebug-POC/README.md

13 lines
245 B
Raw Normal View History Unescape

Update
2 years ago
# AntiKernelDebug-poc
Initial commit
2 years ago
Update
2 years ago
## What's this?
A POC about how to detect windows kernel debug by pool tag.
## How does this poc actually work?
Query system pool tag information matches TagUlong == 'oIdK'.
Tested in Win10 1809
Update
2 years ago
![image](images/1.png)