DerRedEdr
Upload your Red Teaming tool to see the runtime detection surface.
This is an online version of RedEDR
(RedEDR UI).
Captured events:
- ETW & ETW-TI (Threat Intelligence) events with KrabsETW & pplrunner
- Usermode ntdll.dll hooking (NtVirtualProtect() etc.)
- Kernel callbacks
Overview of captured events.
Detections are in JSON key `detection`.
Upload
- .exe only
- 10 seconds VM runtime
- Internet access
- Analysis results are public (JSON & filename)
- Uploaded files are not public
- Uploader IP and all VM network communication are logged
- Do not misuse this service
- Analysis will take about a minute
- Not really suitable for malware analysis
Results