Evading EDR with ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
https://adamsvoboda.net/evading-edr-with-scarecrow/
https://www.grahamhelton.com/blog/scarecrow/
https://github.com/optiv/ScareCrow
#edr_evasion #shellcode_loader #syscalls
⚙️ Introduction to Bypassing EDR Hooks
The article explores methods of bypassing user-mode EDR hooks on Windows. It starts by explaining system calls and their role in the transition from user mode to kernel mode, then covers the main hook-bypass techniques, including direct and indirect syscalls, together with their advantages and the limitations each has when used to evade protective mechanisms.
🔗 https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
#maldev #edr #hooks #syscalls
Malwaretech
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
"Assembly Unleashed: A Hacker's Handbook" is a definitive resource tailored specifically for hackers and security researchers seeking to master the art of assembly programming language. Authored by seasoned practitioners in the field, this book offers a comprehensive journey into the depths of assembly, unraveling its complexities and exposing its potential for exploitation and defense.
🔗 Source:
https://redteamrecipe.com/assembly-for-hackers
#asm #syscalls #dll #apc #injection #redteam