Casual McDonald's Employee Scriptorium

Blog Memes GitHub About

EDR Evasion

Bypassing User-land Hooks

Unhooking

MapModuleToMemory from C# D/Invoke

Direct Syscall

Memory (HellsGate, HaloGate, TartarusGate, RecycledGate)
Disk (GetSyscallStub from C# D/Invoke)
Embedded (SysWhispers 1, 2, 3)

Hardware Breakpoints

TamperingSyscalls2

DLL Entry Point Patching

SharpBlock

Process Mitigation Policy

Blockdlls

Entropy Detection

Adding Non-Random Data
- Dictionary Words
- 0x00 Padding
Use Encoding & Avoid Encryption
- UUID Encoding
- Emojis
Avoid Embedding Payload
- Retrieve From File
- Fetch Remotely

PreviousMicrosoft Windows Defender Application Control (WDAC)NextOffensive Development

Last updated 7 months ago