Bypassing an EDR

Following blue-team security researchers is extremely fascinating. The battleground between blue teams and cyber criminals is constantly moving forward.

The linked article below is a security researcher demonstrating how to avoid detection by most EDR solutions.

"Combining all of our knowledge, we can now practically use everything we want under the radar, evading the EDR's big eyes, even installing hooks on ntdll.dll using the PEB without using GetModuleHandleW, and without using any native Windows API such as WriteProcessMemory, since we can execute the same actions using our own assembly. I will now leave you guys to modify the hooking code that I showed you before with the PEB trick that we learned in this article 😉"
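The PEB trick the quoted paragraph refers to, as an added C example (this is not code from this page or from the linked article): resolve the base address of ntdll.dll by walking the loader list hanging off the PEB instead of importing GetModuleHandleW. The structure layouts are the x64 ones. On x64 Windows the block reads the real PEB from gs:[0x60]; on any other platform it walks a constructed three-entry loader list, so the function names, the made-up base addresses and the fixture itself are assumptions for illustration only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(_WIN64)
#include <intrin.h>   /* __readgsqword: the PEB pointer lives at gs:[0x60] on x64 Windows */
#endif

/* Minimal x64 layouts of the loader structures the walk touches. Only the
 * leading fields are declared; the offsets match the real x64 ones. */
typedef struct _LIST_ENTRY_X { struct _LIST_ENTRY_X *Flink, *Blink; } LIST_ENTRY_X;
typedef struct { uint16_t Length, MaximumLength; uint16_t *Buffer; } UNICODE_STRING_X;

typedef struct {
    LIST_ENTRY_X InLoadOrderLinks;            /* 0x00 */
    LIST_ENTRY_X InMemoryOrderLinks;          /* 0x10 */
    LIST_ENTRY_X InInitializationOrderLinks;  /* 0x20 */
    void *DllBase;                            /* 0x30 */
    void *EntryPoint;                         /* 0x38 */
    uint32_t SizeOfImage;                     /* 0x40 */
    UNICODE_STRING_X FullDllName;             /* 0x48 */
    UNICODE_STRING_X BaseDllName;             /* 0x58 */
} LDR_ENTRY_X;

typedef struct {
    uint32_t Length;
    uint8_t Initialized;
    void *SsHandle;
    LIST_ENTRY_X InLoadOrderModuleList;       /* 0x10 */
    LIST_ENTRY_X InMemoryOrderModuleList;     /* 0x20 */
} PEB_LDR_DATA_X;

typedef struct {
    uint8_t Reserved[0x18];                   /* flags, Mutant, ImageBaseAddress */
    PEB_LDR_DATA_X *Ldr;                      /* 0x18 */
} PEB_X;

/* Case-insensitive compare of a UTF-16 UNICODE_STRING against an ASCII name.
 * Length is a byte count and Buffer is not guaranteed NUL-terminated, so it
 * must never be treated as a C wide string. */
static int ustr_ieq_ascii(const UNICODE_STRING_X *u, const char *ascii) {
    size_t n = u->Length / 2;
    if (n != strlen(ascii)) return 0;
    for (size_t i = 0; i < n; i++) {
        uint16_t c = u->Buffer[i];
        uint16_t a = (uint16_t)(unsigned char)ascii[i];
        if (c >= 'A' && c <= 'Z') c += 'a' - 'A';
        if (a >= 'A' && a <= 'Z') a += 'a' - 'A';
        if (c != a) return 0;
    }
    return 1;
}

/* Walk PEB->Ldr->InMemoryOrderModuleList and return DllBase of the entry whose
 * BaseDllName matches, or NULL. This is the GetModuleHandleW replacement. */
void *find_module_base(const PEB_X *peb, const char *name) {
    const LIST_ENTRY_X *head = &peb->Ldr->InMemoryOrderModuleList;
    for (const LIST_ENTRY_X *cur = head->Flink; cur != head; cur = cur->Flink) {
        /* cur points at InMemoryOrderLinks inside the entry; step back to its start */
        const LDR_ENTRY_X *e = (const LDR_ENTRY_X *)
            ((const uint8_t *)cur - offsetof(LDR_ENTRY_X, InMemoryOrderLinks));
        if (ustr_ieq_ascii(&e->BaseDllName, name)) return e->DllBase;
    }
    return NULL;
}

/* --- Constructed fixture (not a real process) so the walk runs on any OS --- */
static UNICODE_STRING_X ustr_from_ascii(uint16_t *buf, const char *s) {
    size_t n = strlen(s);
    for (size_t i = 0; i < n; i++) buf[i] = (uint16_t)(unsigned char)s[i];
    UNICODE_STRING_X u = { (uint16_t)(n * 2), (uint16_t)(n * 2), buf };
    return u;   /* deliberately no terminating NUL in buf */
}

#define FIXTURE_NTDLL_BASE 0x7ffb12340000ull   /* made-up base address */

/* Builds three loader entries in the order the loader lists them (executable,
 * ntdll.dll, kernel32.dll) and looks `name` up. Returns 0 if absent. */
uintptr_t fixture_lookup(const char *name) {
    static uint16_t n0[16], n1[16], n2[16];
    static LDR_ENTRY_X e[3];
    static PEB_LDR_DATA_X ldr;
    static PEB_X peb;
    memset(e, 0, sizeof e);
    e[0].BaseDllName = ustr_from_ascii(n0, "sample.exe");
    e[0].DllBase = (void *)(uintptr_t)0x7ff600400000ull;
    e[1].BaseDllName = ustr_from_ascii(n1, "NTDLL.DLL");    /* upper case on purpose */
    e[1].DllBase = (void *)(uintptr_t)FIXTURE_NTDLL_BASE;
    e[2].BaseDllName = ustr_from_ascii(n2, "KERNEL32.DLL");
    e[2].DllBase = (void *)(uintptr_t)0x7ffb10000000ull;
    LIST_ENTRY_X *head = &ldr.InMemoryOrderModuleList;
    LIST_ENTRY_X *l[3] = { &e[0].InMemoryOrderLinks, &e[1].InMemoryOrderLinks, &e[2].InMemoryOrderLinks };
    head->Flink = l[0]; head->Blink = l[2];
    for (int i = 0; i < 3; i++) {          /* close the circular doubly linked list */
        l[i]->Flink = (i == 2) ? head : l[i + 1];
        l[i]->Blink = (i == 0) ? head : l[i - 1];
    }
    peb.Ldr = &ldr;
    return (uintptr_t)find_module_base(&peb, name);
}

int main(void) {
#if defined(_WIN64)
    const PEB_X *peb = (const PEB_X *)__readgsqword(0x60);   /* real PEB of this process */
    printf("ntdll.dll base: %p\n", find_module_base(peb, "ntdll.dll"));
#else
    printf("fixture ntdll base: 0x%llx\n", (unsigned long long)fixture_lookup("ntdll.dll"));
#endif
    return 0;
}
```

Two details the walk depends on: BaseDllName.Length is a byte count and its buffer need not be NUL-terminated, and the loader records the name in whatever case it was loaded with, so the match is done by length plus case-folded comparison rather than with a wide-string function. Resolving the base this way only removes the GetModuleHandleW import and call; writing a hook into ntdll's text section afterwards still requires that page to be made writable first, which the PEB walk does nothing to hide.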

