Summary Every binary loaded into WIndows, has a list of needed functions and processes in order for it to function properly. THink of a browser, it will use a Windows DLL to resolved the hostname to the IPv4 address and so forth. This Table can be hijacked, so instead of pointing to the appropriate function Read More …
Tag: edr
Notes :: Getting around some Defenses
Trying to read up on this for some work things. Dropping a few links here. Will add more notes as I go on. —————————————————————— bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis “”” It’s worth noting that not all the functions get hijacked by AVs/EDRs. Usually only those functions that are known to be abused over and over again in the wiled that Read More …