Hit-And-Run: A Novel Syscall Method for Bypassing EDRs via VEH and Call Stack Theft
Tags
attack-pattern:
- Hardware - T1592.001
- Hooking - T1617
- Malware - T1587.001
- Malware - T1588.001
- Software - T1592.002
- Hooking - T1179
- Hooking
Common Information
| Type | Value |
|---|---|
| UUID | 0060df02-8ea4-4252-8638-c5789a3dab60 |
| Fingerprint | c09183b3eb459260 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Dec. 23, 2024, 7:43 a.m. |
| Added to db | Dec. 23, 2024, 9:11 a.m. |
| Last updated | Dec. 23, 2024, 12:17 p.m. |
| Headline | Hit-And-Run: A Novel Syscall Method |
| Title | Hit-And-Run: A Novel Syscall Method for Bypassing EDRs via VEH and Call Stack Theft |
| Detected Hints/Tags/Attributes | 23/1/22 |
Source URLs
URL Provider: RSS Feed

| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
| 168 | ✔ | Infosec on Medium | https://medium.com/feed/tag/infosec | 2024-08-30 22:08 |
Attributes
| Type | #Events | CTI | Value |
|---|---|---|---|
| Domain | 259 | | gist.github.com |
| Domain | 4702 | | github.com |
| Domain | 4 | | cyberwarfare.live |
| Domain | 5 | | redops.at |
| Domain | 1 | | winslow1984.com |
| File | 578 | | ntdll.dll |
| File | 815 | | kernel32.dll |
| File | 86 | | kernelbase.dll |
| Github username | 7 | | ccob |
| Github username | 2 | | umarex01 |
| Github username | 1 | | redteamoperations |
| Github username | 4 | | rad9800 |
| Github username | 5 | | dec0ne |
| md5 | 3 | | fe3b63d80890fafeca982f76c8a3efdf |
| Url | 1 | | https://gist.github.com/ccob/fe3b63d80890fafeca982f76c8a3efdf |
| Url | 1 | | https://github.com/umarex01/hit-and-run |
| Url | 1 | | https://cyberwarfare.live/bypassing-av-edr-hooks-via-vectored-syscall-poc |
| Url | 1 | | https://redops.at/en/blog/syscalls-via-vectored-exception-handling |
| Url | 1 | | https://winslow1984.com/books/malware/page/mutationgate |
| Url | 1 | | https://github.com/redteamoperations/veh-poc |
| Url | 2 | | https://github.com/rad9800/tamperingsyscalls |
| Url | 3 | | https://github.com/dec0ne/hwsyscalls |