🛠 API Unhooking with Perun's Fart
An article about a new method of avoiding AV/EDR by creating a process in a suspended state and getting a copy of the ntdll from the new process before it is hijacked by AV/EDR.
Research:
https://dosxuz.gitlab.io/post/perunsfart/
PoC:
https://github.com/dosxuz/PerunsFart
#av #edr #evasion #api #unhooking #resarch
An article about a new method of avoiding AV/EDR by creating a process in a suspended state and getting a copy of the ntdll from the new process before it is hijacked by AV/EDR.
Research:
https://dosxuz.gitlab.io/post/perunsfart/
PoC:
https://github.com/dosxuz/PerunsFart
#av #edr #evasion #api #unhooking #resarch
dosxuz.gitlab.io
API Unhooking with Perun's Fart
Pre-requisites To fully understand this topic, one needs to have some knowledge about the following concepts:
Little bit of C++ programming Some knowledge of API hooking by AV/EDR software Basic understanding of the PE structures Basic knowledge about Win32…
Little bit of C++ programming Some knowledge of API hooking by AV/EDR software Basic understanding of the PE structures Basic knowledge about Win32…