Posted by Brendan Ortiz on November 29, 2021
Intro This blog post will be covering the classic technique used to unhook Windows APIs from EDR solutions. API hooking is a technique that is used by anti-virus and EDR solutions in an attempt to monitor process and code behavior in real time. Commonly, EDR solutions will hook Windows APIs in NTDLL.dll because the APIs in the NTDLL.dll...Continue reading
Posted by Brendan Ortiz on October 31, 2021
TL;DR Implant with our encrypted DLL -> allocates memory for the DLL -> put the decrypted DLL into that memory space -> find the offset of the exported ReflectiveLoader function in the DLL -> call the ReflectiveLoader function -> ReflectiveLoader searches backward for the start of the DLL in memory -> allocates a...Continue reading
Posted by Jake Reynolds on October 12, 2021
In last week’s blog, I started outlining some of the considerations when choosing a penetration testing provider, including a list of general questions you should ask during your early correspondence with a prospective provider. As mentioned in my previous post, procuring offensive security services is a relatively new undertaking for many companies, and the complexities can make...Continue reading
