{"id":23019,"date":"2022-03-18T14:43:40","date_gmt":"2022-03-18T14:43:40","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=23019"},"modified":"2022-03-18T14:43:44","modified_gmt":"2022-03-18T14:43:44","slug":"invoke-edrchecker","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/","title":{"rendered":"Invoke-EDRChecker : Checks Running Processes, Process Metadata, Dlls Loaded Into Your Current Process"},"content":{"rendered":"\n<p><strong>Invoke-EDRChecker<\/strong> is a script that checks running processes, process metadata, DLLs loaded into your current process and each DLL&#8217;s metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools.<\/p>\n\n\n\n<p>This script can also be loaded into your C2 server; for example, in PoshC2, place the script into your modules directory, load the module, then run it. Note: this script is now included in PoshC2, so there is no need to add it manually.<\/p>\n\n\n\n<p>The script can also perform checks against remote targets if you have the privileges to do so; however, these checks are presently limited to process checking, common install directories and installed services.<\/p>\n\n\n\n<p>I will continue to add and improve the list when time permits. 
A full roadmap can be found below.<\/p>\n\n\n\n<p>The C# version of this tool is much improved over the PowerShell version and can be found here:<\/p>\n\n\n\n<p>https:\/\/github.com\/PwnDexter\/SharpEDRChecker<\/p>\n\n\n\n<p>Find me on Twitter @PwnDexter for any issues or questions!<\/p>\n\n\n\n<h2 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/PwnDexter\/Invoke-EDRChecker#install\"><\/a>Install<\/h2>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>git clone https:\/\/github.com\/PwnDexter\/Invoke-EDRChecker.git<\/strong><\/p>\n\n\n\n<h2 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\">Usage<\/h2>\n\n\n\n<p>Once the script has been loaded into your host or C2 of choice, you can use the following commands:<\/p>\n\n\n\n<p>Run the script against the local host and perform checks based on current user integrity:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>Invoke-EDRChecker<\/strong><\/p>\n\n\n\n<p>Run the script and force registry checks to be performed (for use when you are not running as admin):<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>Invoke-EDRChecker -Force<\/strong><\/p>\n\n\n\n<p>To bypass the connectivity pre-checks for remote hosts, use the -Ignore flag:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>Invoke-EDRChecker -Remote -Ignore<\/strong><\/p>\n\n\n\n<h2 class=\"has-light-green-cyan-background-color has-background wp-block-heading\">Example Output &#8211; Note: These screenshots need to be updated, and this has only been tested on Windows 10; more testing to come.<\/h2>\n\n\n\n<p>If processes and drivers are hidden and still 
found:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgbX7KYhq-dOiJ2Rk3VgV2QdnxWOgM9-S0qaKePbMWPqfG7bzAgoXXwBJxuvw8yVe0E94pvUwVx5D3YCLeXQZsAFVY3qvz_MoH09EY4xLvnyGvuKT1z5XDAOrkMyoa-FOaPRdcF18WNO4irqbXsKSpBCQChwWrN6KOBQt0s7hNY8j9OjCS1we0xhqGq=s1334\" alt=\"\" \/><\/figure>\n\n\n\n<p>Using EDR-Checker with PoshC2:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh4CYOYfUkNJG5-GH1-VhbjJXUXHuOaGUkrsy4MUufjf2Pe7LXpzJzpKwvPi1GQFo9aaSfd7Shr7yS0-Y4upRpcTq6iGZkY9cuSpyLyHg9nYDjg0h6Gycsv-lfgaHQOXYhd5pEHye7I15pg9R6_WocLKuQVTC7zwiVu1EQ7mPwDMTJZupD4J1Wj_LjC=s1547\" alt=\"\" \/><\/figure>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/PwnDexter\/Invoke-EDRChecker\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Invoke-EDRChecker is the script will check running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AV&#8217;s, EDR&#8217;s and logging tools. 
This script can be loaded into your C2 server as [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":23028,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[888,4897,2053],"class_list":["post-23019","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-dlls","tag-invoke-edrchecker","tag-metadata"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Invoke-EDRChecker : Checks Running Processes, Process Metadata<\/title>\n<meta name=\"description\" content=\"Invoke-EDRChecker is the script will check running processes, process metadata, Dlls loaded into your current process.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Invoke-EDRChecker : Checks Running Processes, Process Metadata\" \/>\n<meta property=\"og:description\" content=\"Invoke-EDRChecker is the script will check running processes, process metadata, Dlls loaded into your current process.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" 
content=\"2022-03-18T14:43:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-18T14:43:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Invoke-EDRChecker : Checks Running Processes, Process Metadata, Dlls Loaded Into Your Current Process\",\"datePublished\":\"2022-03-18T14:43:40+00:00\",\"dateModified\":\"2022-03-18T14:43:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/\"},\"wordCount\":305,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728\",\"keywords\":[\"DLLs\",\"Invoke-EDRChecker\",\"Metadata\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/\",\"name\":\"Invoke-EDRChecker : Checks Running Processes, Process 
Metadata\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728\",\"datePublished\":\"2022-03-18T14:43:40+00:00\",\"dateModified\":\"2022-03-18T14:43:44+00:00\",\"description\":\"Invoke-EDRChecker is the script will check running processes, process metadata, Dlls loaded into your current process.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728\",\"width\":\"728\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Invoke-EDRChecker : Checks Running Processes, Process Metadata","description":"Invoke-EDRChecker is the script will check running processes, process metadata, Dlls loaded into your current process.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/","og_locale":"en_US","og_type":"article","og_title":"Invoke-EDRChecker : Checks Running Processes, Process Metadata","og_description":"Invoke-EDRChecker is the script will check running processes, process metadata, Dlls loaded into your current process.","og_url":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2022-03-18T14:43:40+00:00","article_modified_time":"2022-03-18T14:43:44+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Invoke-EDRChecker : Checks Running Processes, Process Metadata, Dlls Loaded Into Your Current Process","datePublished":"2022-03-18T14:43:40+00:00","dateModified":"2022-03-18T14:43:44+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/"},"wordCount":305,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728","keywords":["DLLs","Invoke-EDRChecker","Metadata"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/","url":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/","name":"Invoke-EDRChecker : Checks Running Processes, Process 
Metadata","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728","datePublished":"2022-03-18T14:43:40+00:00","dateModified":"2022-03-18T14:43:44+00:00","description":"Invoke-EDRChecker is the script will check running processes, process metadata, Dlls loaded into your current process.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/invoke-edrchecker\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728","width":"728","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux 
Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R 
K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjdA1LoEbioFaTc973NMntzAdH3Ro4RW1aej2P3bDn66sG83-LjmsK-VDidlNMGXNzMn5daGFLZ5g1tEYGD8HfwRuViqAq9eGJ-f_mwsFXjHcJs2ngtpHVrGFeTXhQcLuU1MpmqAx1YFdoD9RqHp79CvoRqB_87WogoKG4mUUAl7DnISafo4W2tZVhE=s728","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":9578,"url":"https:\/\/kalilinuxtutorials.com\/privesccheck\/","url_meta":{"origin":23019,"position":0},"title":"PrivescCheck : Privilege Escalation Enumeration Script for Windows","author":"R K","date":"March 6, 2020","format":false,"excerpt":"PrivescCheck script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and\/or post-exploitation. I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I added more checks and also tried to reduce\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":25507,"url":"https:\/\/kalilinuxtutorials.com\/rogueassemblyhunter\/","url_meta":{"origin":23019,"position":1},"title":"RogueAssemblyHunter : Rogue Assembly Hunter Is A Utility For Discovering &#8216;Interesting&#8217; .NET CLR Modules","author":"R K","date":"June 24, 2022","format":false,"excerpt":"Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. Background .NET is a very powerful and capable development platform and runtime framework for building and running .NET managed applications. 
Over the last several years, .NET has been adopted by Red Teams (and likes thereof)\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjmjL8G87wklSLo1d63dwFhSy8qAc5G7q9gapOP8E1eq38Gzx9y9L_YDqtpDAdhcTubtuVdYYiRYIUcj-bJGFPj5VX1OGHbO1CuF_YXU4zdRkL2ggSgLMnAFMtltkMBLiW9LQUO8WNuChvUCf8JIiH8OiSKYe2Foi-mUEV7gdDTH_md8hdGiWbwL1LB\/s728\/RogueAssemblyHunter%20%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjmjL8G87wklSLo1d63dwFhSy8qAc5G7q9gapOP8E1eq38Gzx9y9L_YDqtpDAdhcTubtuVdYYiRYIUcj-bJGFPj5VX1OGHbO1CuF_YXU4zdRkL2ggSgLMnAFMtltkMBLiW9LQUO8WNuChvUCf8JIiH8OiSKYe2Foi-mUEV7gdDTH_md8hdGiWbwL1LB\/s728\/RogueAssemblyHunter%20%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjmjL8G87wklSLo1d63dwFhSy8qAc5G7q9gapOP8E1eq38Gzx9y9L_YDqtpDAdhcTubtuVdYYiRYIUcj-bJGFPj5VX1OGHbO1CuF_YXU4zdRkL2ggSgLMnAFMtltkMBLiW9LQUO8WNuChvUCf8JIiH8OiSKYe2Foi-mUEV7gdDTH_md8hdGiWbwL1LB\/s728\/RogueAssemblyHunter%20%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjmjL8G87wklSLo1d63dwFhSy8qAc5G7q9gapOP8E1eq38Gzx9y9L_YDqtpDAdhcTubtuVdYYiRYIUcj-bJGFPj5VX1OGHbO1CuF_YXU4zdRkL2ggSgLMnAFMtltkMBLiW9LQUO8WNuChvUCf8JIiH8OiSKYe2Foi-mUEV7gdDTH_md8hdGiWbwL1LB\/s728\/RogueAssemblyHunter%20%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":17800,"url":"https:\/\/kalilinuxtutorials.com\/speakeasy\/","url_meta":{"origin":23019,"position":2},"title":"Speakeasy : Windows Kernel And User Mode Emulation","author":"R K","date":"September 16, 2021","format":false,"excerpt":"Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. 
Check out the overview in the first\u00a0Speakeasy blog post. Instead of attempting to perform dynamic analysis using an entire virtualized operating system, Speakeasy will emulate specific components of Windows. Specifically, by emulating operating system\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-IwOL8AeecUQ\/YTD3QTYKlmI\/AAAAAAAAKpg\/ZyIJAK43im4uX1TFGMD7YK58BteZIcjtwCLcBGAsYHQ\/s951\/w%2B%25281%2529.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-IwOL8AeecUQ\/YTD3QTYKlmI\/AAAAAAAAKpg\/ZyIJAK43im4uX1TFGMD7YK58BteZIcjtwCLcBGAsYHQ\/s951\/w%2B%25281%2529.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/1.bp.blogspot.com\/-IwOL8AeecUQ\/YTD3QTYKlmI\/AAAAAAAAKpg\/ZyIJAK43im4uX1TFGMD7YK58BteZIcjtwCLcBGAsYHQ\/s951\/w%2B%25281%2529.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/1.bp.blogspot.com\/-IwOL8AeecUQ\/YTD3QTYKlmI\/AAAAAAAAKpg\/ZyIJAK43im4uX1TFGMD7YK58BteZIcjtwCLcBGAsYHQ\/s951\/w%2B%25281%2529.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":4466,"url":"https:\/\/kalilinuxtutorials.com\/commandovm\/","url_meta":{"origin":23019,"position":3},"title":"CommandoVM : Windows-Based Security Distribution for Penetration Testing","author":"R K","date":"April 5, 2019","format":false,"excerpt":"Welcome to CommandoVM a fully customized, Windows-based security distribution for penetration testing and red teaming. Installation (Install Script) Requirements Windows 7 Service Pack 1 or Windows 1060 GB Hard Drive2 GB RAM Instructions Create and configure a new Windows Virtual Machine Ensure VM is updated completely. 
You may have to\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12230,"url":"https:\/\/kalilinuxtutorials.com\/scarecrow\/","url_meta":{"origin":23019,"position":4},"title":"ScareCrow : Payload Creation Framework Designed Around EDR Bypass","author":"R K","date":"March 10, 2021","format":false,"excerpt":"ScareCrow is a payload creation framework for generating loaders for the use of side loading (not injection) into a legitimate Windows process (bypassing Application Whitelisting controls). Once the DLL loader is loaded into memory, utilizing a technique to flush an EDR\u2019s hook out the system DLLs running in the process's\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":20385,"url":"https:\/\/kalilinuxtutorials.com\/adll\/","url_meta":{"origin":23019,"position":5},"title":"aDLL : Adventure of Dynamic Link Library","author":"R K","date":"November 22, 2021","format":false,"excerpt":"aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. 
The tool analyzes the image of the binary loaded in memory to search for DLLs loaded at load-time and makes use of the Microsoft Detours library to intercept calls to the Load Library\/Load LibraryEx functions\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEju7KxQ-1q2wKkWamM5_xFKIGHkQRsfL5QcKL9n2NuRWCgzdcuVDkgsTU8iAAnWqd-dqkPLPTkfnPxtWC6-Uvn8b-f3Leg_LNMwFDrEmboDa5Qb18pWT97_NNNufCCUZeLZaLFQOmXluEK4CFTrSVRSPBel-aT6sPq6FjScDwHxAyDB4EcUZpkMEyr9=s799","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEju7KxQ-1q2wKkWamM5_xFKIGHkQRsfL5QcKL9n2NuRWCgzdcuVDkgsTU8iAAnWqd-dqkPLPTkfnPxtWC6-Uvn8b-f3Leg_LNMwFDrEmboDa5Qb18pWT97_NNNufCCUZeLZaLFQOmXluEK4CFTrSVRSPBel-aT6sPq6FjScDwHxAyDB4EcUZpkMEyr9=s799 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEju7KxQ-1q2wKkWamM5_xFKIGHkQRsfL5QcKL9n2NuRWCgzdcuVDkgsTU8iAAnWqd-dqkPLPTkfnPxtWC6-Uvn8b-f3Leg_LNMwFDrEmboDa5Qb18pWT97_NNNufCCUZeLZaLFQOmXluEK4CFTrSVRSPBel-aT6sPq6FjScDwHxAyDB4EcUZpkMEyr9=s799 1.5x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEju7KxQ-1q2wKkWamM5_xFKIGHkQRsfL5QcKL9n2NuRWCgzdcuVDkgsTU8iAAnWqd-dqkPLPTkfnPxtWC6-Uvn8b-f3Leg_LNMwFDrEmboDa5Qb18pWT97_NNNufCCUZeLZaLFQOmXluEK4CFTrSVRSPBel-aT6sPq6FjScDwHxAyDB4EcUZpkMEyr9=s799 
2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/23019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=23019"}],"version-history":[{"count":8,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/23019\/revisions"}],"predecessor-version":[{"id":23027,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/23019\/revisions\/23027"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/23028"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=23019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=23019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=23019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}