Outer Web | Explore

Explore >> Select a destination

You are here		alice.climent-pommeret.red EDR Bypass : How and Why to Unhook the Import Address Table - Alice Climent-Pommeret
\|	\|	modexp.wordpress.com Invoking System Calls and Windows Debugger Engine \| modexp	2.2 parsecs away Travel
\|	\|	Introduction Quick post about Windows System calls that I forgot about working on after the release of Dumpert by Cn33liz last year, which is described in this post. Typically, EDR and AV set hooks on Win32 API or NT wrapper functions to detect and mitigate against malicious activity. Dumpert attempts to bypass any user-level hooks...	2.2 parsecs away Travel
\|	\|	oldboy21.github.io All I Want for Christmas is Reflective DLL Injection :: Vincenzo - Blog	4.5 parsecs away Travel
\|	\|	Reflective DLL After some time spent on implementing a Reflective DLL and its beloved Loader/Injector I thought that it could have been a very great first topic for what it might become a long-ish series of blog posts about security, but mostly struggles and C(++). First reason is that I felt like I was struggling a bit finding resources that would really take the topic as a whole and explain any single step, and the reasoning behind it.	4.5 parsecs away Travel
\|	\|	cocomelonc.github.io Malware AV/VM evasion - part 16: WinAPI GetProcAddress implementation. Simple C++ example. - cocomelonc	2.3 parsecs away Travel
\|	\|		2.3 parsecs away Travel
\|	\|	gist.github.com Generic `printf` implementation in Idris2 · GitHub	11.4 parsecs away Travel
\|		Generic `printf` implementation in Idris2. GitHub Gist: instantly share code, notes, and snippets.	11.4 parsecs away Travel