all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

RefleXXion - A Utility Designed To Aid In Bypassing User-Mode Hooks Utilised By AV/EPP/EDR Etc

Add to bookmarks
March 16, 2022, 8:30 p.m. | noreply@blogger.com (Unknown)

KitPloit - PenTest Tools! www.kitploit.com

Introduction

RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array. After that, there are two techniques that the user can choose to bypass the user-mode hooks.


Technique-1, reads the NTDLL as a file from C:\Windows\System32\ntdll.dll. After parsing, the .TEXT section of the already loaded NTDLL (where the hooks are …

av edr epp etc mode red team srdi

Visit resource

More from www.kitploit.com / KitPloit - PenTest Tools!

VectorKernel - PoCs For Kernelmode Rootkit Techniques Research 10 hours ago | www.kitploit.com
64bit api education kernel +17
Cookie-Monster - BOF To Steal Browser Cookies & Credentials 1 day, 10 hours ago | www.kitploit.com
cookie-monster passwords processes python +2
NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected 2 days, 10 hours ago | www.kitploit.com
mechanism microsoft mimikatz noargs +3
Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of … 3 days, 10 hours ago | www.kitploit.com
frameless-bitb scanners scripts subdomains +2
Toolkit - The Essential Toolkit For Reversing, Malware Analysis, And Cracking 4 days, 1 hour ago | www.kitploit.com
analysis beginners cracking infosec +11
Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The … 6 days, 10 hours ago | www.kitploit.com
api api endpoints automated client +20
APKDeepLens - Android Security Insights In Full Spectrum 1 week ago | www.kitploit.com
android security apkdeeplens mobile security vulnerabilities +1
RemoteTLSCallbackInjection - Utilizing TLS Callbacks To Execute A Payload Without Spawning Any Threads In A … 1 week, 1 day ago | www.kitploit.com
academy anti-debugging api home +8
Sicat - The Useful Exploit Finder 1 week, 2 days ago | www.kitploit.com
exploit finder metasploit modules reconnaissance sicat

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Transfer GMP Compliance Officer

@ Pharmathen | Sapes, East Macedonia and Thrace, Greece
View on infosec-jobs.com

Security Cyber Consultant DRC (m/w/d)

@ Atos | Berlin, DE, D-13353
View on infosec-jobs.com

Penetration Tester - InfoSec

@ Rapid7 | NIS Belfast
View on infosec-jobs.com

Cyber Vulnerability Lead

@ Under Armour | Remote, US
View on infosec-jobs.com
View more jobs