Casual McDonald's Employee Scriptorium

Blog Memes GitHub About

root@JesusCries
⛩️Red Teaming
🧊Active Directory & Pentest
- Check List
🚩CTF Writeups
- Reverse Engineering
- Binary Exploitation
🤡Clown Chronicles

Powered by GitBook

On this page

Bypassing User-land Hooks
Unhooking
Direct Syscall
Hardware Breakpoints
DLL Entry Point Patching
Process Mitigation Policy
Entropy Detection

Red Teaming

Evasion

EDR Evasion

Bypassing User-land Hooks

Unhooking

MapModuleToMemory from C# D/Invoke

Direct Syscall

Memory (HellsGate, HaloGate, TartarusGate, RecycledGate)
Disk (GetSyscallStub from C# D/Invoke)
Embedded (SysWhispers 1, 2, 3)

Hardware Breakpoints

TamperingSyscalls2

DLL Entry Point Patching

SharpBlock

Process Mitigation Policy

Blockdlls

Entropy Detection

Adding Non-Random Data
- Dictionary Words
- 0x00 Padding
Use Encoding & Avoid Encryption
- UUID Encoding
- Emojis
Avoid Embedding Payload
- Retrieve From File
- Fetch Remotely

PreviousMicrosoft Windows Defender Application Control (WDAC)NextOffensive Development

Last updated 1 year ago

⛩️