FalconEye – Real-time detection software for Windows process injections

From kitploit.com

FalconEye is Windows endpoint detection software that detects process injections in real time. It is a kernel-mode driver that aims to catch process injections as they happen. Because FalconEye runs in kernel mode, it provides a stronger and more reliable defense against process injection techniques that try to evade various user-mode hooks.

You can check our presentation at the 2021 Black Hat Asia Arsenal and the slides.
