RefleXXion - A Utility Designed To Aid In Bypassing User-Mode Hooks Utilised By AV/EPP/EDR Etc
March 16, 2022, 8:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
Introduction
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. To bypass the user-mode hooks, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array. After that, the user can choose between two techniques to bypass the user-mode hooks.
Technique-1 reads NTDLL as a file from C:\Windows\System32\ntdll.dll. After parsing, the .TEXT section of the already loaded NTDLL (where the hooks are …