Warning: Contains minor spoilers! It’s been two weeks since I’ve seen the film, and one week since I’ve seen the film again, and I can’t get the music out of my head. Ludw…| a closer listen
For avoiding EDR userland hooks, there are many ways to cook an egg: direct system calls (syscalls), indirect syscalls, unhooking, hardware breakpoints, and bringing and loading your own copy of a library. Each of these methods has advantages and disadvantages. When developing a C2 implant, it is useful to combine several of them. For instance, you could use a strong (in)direct syscall library for the direct usermode-to-kernel transition, then use unhooking or hardware breakpo...| Outflank
Sekoia.io C2 Trackers identified more than 85,000 IP addresses used as C2 servers in 2023, an increase of more than 30% compared to 2022.| Sekoia.io Blog