伪造调用栈来迷惑EDR和杀软 | CTF导航
Tags
Common Information
Type | Value |
---|---|
UUID | c6815fec-070d-4b49-8264-0cd94b1e7479 |
Fingerprint | a3bfa76ce6e397fc |
Analysis status | DONE |
Considered CTI value | -2 |
Text language | |
Published | Nov. 3, 2024, midnight |
Added to db | Nov. 28, 2024, 5:13 p.m. |
Last updated | Dec. 24, 2024, 12:04 a.m. |
Headline | 伪造调用栈来迷惑EDR和杀软 |
Title | 伪造调用栈来迷惑EDR和杀软 | CTF导航 |
Detected Hints/Tags/Attributes | 5/0/32 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.ctfiot.com/217595.html |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 4709 | github.com |
|
Details | Domain | 4 | doxygen.reactos.org |
|
Details | Domain | 4 | codemachine.com |
|
Details | Domain | 5 | www.notion.so |
|
Details | File | 4 | sysmondrv.sys |
|
Details | File | 2 | c:\users\wb\source\repos\vulcanraven\vulcanraven\vulcanraven.cpp |
|
Details | File | 2 | d:\a01\_work\43\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp |
|
Details | File | 38 | c:\windows\system32\ntdll.dll |
|
Details | File | 22 | c:\windows\system32\kernelbase.dll |
|
Details | File | 2 | c:\windows\system32\lsm.dll |
|
Details | File | 8 | c:\windows\system32\rpcrt4.dll |
|
Details | File | 25 | c:\windows\system32\kernel32.dll |
|
Details | File | 2 | vulcanraven.exe |
|
Details | File | 1 | 一个反射式dll被注入到cmd.exe |
|
Details | File | 1 | 虽然使用cmd.exe |
|
Details | File | 2 | except.cpp |
|
Details | File | 2 | unwind_8c.html |
|
Details | File | 2 | x64_deep_dive.html |
|
Details | Github username | 6 | mgeeky |
|
Details | Github username | 4 | cracked5pider |
|
Details | Github username | 3 | hzqst |
|
Details | Github username | 52 | microsoft |
|
Details | Github username | 7 | countercept |
|
Details | md5 | 3 | fe3b63d80890fafeca982f76c8a3efdf |
|
Details | Url | 2 | https://github.com/mgeeky/threadstackspoofer |
|
Details | Url | 3 | https://github.com/cracked5pider/ekko |
|
Details | Url | 2 | https://github.com/hzqst/unicorn_pe/blob/master/unicorn_pe/except.cpp#l773 |
|
Details | Url | 2 | https://doxygen.reactos.org/d8/d2f/unwind_8c.html#a03c91b6c437066272ebc2c2fff051a4c |
|
Details | Url | 2 | https://github.com/microsoft/krabsetw/pull/191 |
|
Details | Url | 2 | https://codemachine.com/articles/x64_deep_dive.html |
|
Details | Url | 1 | https://www.notion.so/fe3b63d80890fafeca982f76c8a3efdf?pvs=21 |
|
Details | Url | 2 | https://github.com/countercept/callstackspoofer |