Why indirect syscalls slip past some EDR hooks
A conceptual look at why user-mode hooking is a leaky abstraction — and what that means for defenders who rely on it.
Offensive
Red-team tradecraft, tooling, and offensive research.
Red-team tradecraft, tooling, and offensive research.
A conceptual look at why user-mode hooking is a leaky abstraction — and what that means for defenders who rely on it.