Bypassing an EDR


Following blue-team security researchers is extremely fascinating. The battleground of blue teams versus cyber criminals is constantly moving forward.

The article linked below, excerpted here, is a security researcher demonstrating how to avoid detection by most EDR solutions.

Combining all of our knowledge, we can now practically use everything we want under the radar, evading the EDR's big eyes, even install hooks on ntdll.dll using the PEB without using GetModuleHandleW, and without using any native Windows API such as WriteProcessMemory, since we can execute the same actions using our own assembly. I will now leave you guys to modify the hooking code that I showed you before with the PEB trick that we learned in this article 😉

https://medium.com/@omribaso/this-is-how-i-bypassed-almost-every-edr-6e9792cf6c44