EDRSandBlast EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections Multiple userland unhooking techniques are also implemented to evade userland monitoring As of release, combination of userland (--usermode) and Kernel-land (--kernelmode) tec