DanderSpritz Docs

Documentation about the Equation Group's DanderSpritz post-exploitation framework


DanderSpritz Safety Handlers

This content is still under construction

Safety handlers are wrapper scripts used by DanderSpritz to prevent the operator or automated tools (such as plugins) from taking specific actions that may be detected by Personal Protection Products (PSPs) on the target or by security tools deployed on the target’s network.

Types of safety handlers

  • Windows Event logging / auditing safety handlers
  • Limit the amount of memory being used by commands & plugins being executed
  • Throttle network traffic
  • Prevent Registry additions
  • Prevent queries of specific registry keys or locations
  • Prevent process injection
  • Prevent DanderSpritz from dropping executables onto the machine
  • Prevent DanderSpritz from loading DLLs

Sample safety handler triggers

This content is coming soon


DanderSpritz_docs is maintained by francisck.
