Blog

Classic API Unhooking to Bypass EDR Solutions

Posted by Brendan Ortiz on November 29, 2021


Intro

This blog post will be covering the classic technique used to unhook Windows APIs from EDR solutions. API hooking is a technique that is used by anti-virus and EDR solutions in an attempt to monitor process and code behavior in real time. Commonly, EDR solutions will hook Windows APIs in NTDLL.dll because the APIs in the NTDLL.dll...

Reflective DLL Injection in C++

Posted by Brendan Ortiz on October 31, 2021


TL;DR

Implant with our encrypted DLL -> allocates memory for the DLL -> put the decrypted DLL into that memory space -> find the offset of the exported ReflectiveLoader function in the DLL -> call the ReflectiveLoader function -> ReflectiveLoader searches backward for the start of the DLL in memory -> allocates a...

Selecting a Penetration Testing Provider – PART 2

Posted by Jake Reynolds on October 12, 2021

In last week’s blog, I started outlining some of the considerations when choosing a penetration testing provider, including a list of general questions you should ask during your early correspondence with a prospective provider. As mentioned in my previous post, procuring offensive security services is a relatively new undertaking for many companies, and the complexities can make...
