Sentinel One EDR misc information

by | Jan 5, 2021 | AV, Blue Team, Red team, Security, Windows | 0 comments

Reading Time: < 1 minute

Driver : SentinelMonitor Altitude 389040

Services:

Name=LogProcessorService; DisplayName=SentinelOne Agent Log Processing Service; ServiceName=LogProcessorService
Name=SecurityHealthService; DisplayName=Windows Security Service; ServiceName=SecurityHealthService
Name=SentinelAgent; DisplayName=Sentinel Agent; ServiceName=SentinelAgent
Name=SentinelHelperService; DisplayName=SentinelHelperService; ServiceName=SentinelHelperService
Name=SentinelStaticEngine; DisplayName=SentinelOne Static Service; ServiceName=SentinelStaticEngine

Hooked functions

NTDLL

RtlAddVectoredExceptionHandler
LdrLoadDll
NtSetInformationThread
NtAllocateVirtualMemory
NtSetInformationProcess
NtFreeVirtualMemory
NtOpenProcess
NtMapViewOfSection
NtUnmapViewOfSection
NtTerminateProcess
NtQuerySystemInformation
NtWriteVirtualMemory
NtReadVirtualMemory
NtQueueApcThread
NtProtectVirtualMemory
NtResumeThread
NtCreateThreadEx
NtCreateUserProcess
NtLoadDriver
NtMapUserPhysicalPages
NtQuerySystemInformationEx
NtQueueApcThreadEx
NtSetContextThread
KiUserApcDispatcher

Kernel32.dll : Wow64SetThreadContext

Urlmon.dll : CreateURLMonikerEx

kernelbase.dll

CreateProcessInternalW
CopyFileExW
LoadLibraryA
UnhandledExceptionFilter

0

Submit a Comment

Your email address will not be published. Required fields are marked *