Hit-And-Run: A Novel Syscall Method for Bypassing EDRs via VEH and Call Stack Theft
Common Information
Type                              Value
UUID                              0060df02-8ea4-4252-8638-c5789a3dab60
Fingerprint                       c09183b3eb459260
Analysis status                   DONE
Considered CTI value              1
Text language                     (not set)
Published                         Dec. 23, 2024, 7:43 a.m.
Added to db                       Dec. 23, 2024, 9:11 a.m.
Last updated                      Dec. 23, 2024, 12:17 p.m.
Headline                          Hit-And-Run: A Novel Syscall Method
Title                             Hit-And-Run: A Novel Syscall Method for Bypassing EDRs via VEH and Call Stack Theft
Detected Hints/Tags/Attributes    23/1/22
RSS Feed
Id   Enabled  Feed title               Url                                        Added to db
167           Cybersecurity on Medium  https://medium.com/feed/tag/cybersecurity  2024-08-30 22:08
168           Infosec on Medium        https://medium.com/feed/tag/infosec        2024-08-30 22:08
Attributes
Type             #Events  CTI Value  Value
Domain           259                 gist.github.com
Domain           4702                github.com
Domain           4                   cyberwarfare.live
Domain           5                   redops.at
Domain           1                   winslow1984.com
File             578                 ntdll.dll
File             815                 kernel32.dll
File             86                  kernelbase.dll
Github username  7                   ccob
Github username  2                   umarex01
Github username  1                   redteamoperations
Github username  4                   rad9800
Github username  5                   dec0ne
md5              3                   fe3b63d80890fafeca982f76c8a3efdf
Url              1                   https://gist.github.com/ccob/fe3b63d80890fafeca982f76c8a3efdf
Url              1                   https://github.com/umarex01/hit-and-run
Url              1                   https://cyberwarfare.live/bypassing-av-edr-hooks-via-vectored-syscall-poc
Url              1                   https://redops.at/en/blog/syscalls-via-vectored-exception-handling
Url              1                   https://winslow1984.com/books/malware/page/mutationgate
Url              1                   https://github.com/redteamoperations/veh-poc
Url              2                   https://github.com/rad9800/tamperingsyscalls
Url              3                   https://github.com/dec0ne/hwsyscalls