EDR Evasion Techniques Using Syscalls


itsMe

Introduction

Endpoint Detection and Response (EDR) solutions have become a cornerstone in the cybersecurity landscape, offering real-time monitoring and response capabilities to threats at the endpoint level. However, as with any security measure, adversaries continually seek ways to bypass or neutralize them. One of the emerging trends in this cat-and-mouse game is the use of syscalls and API calls to evade detection. This article introduces some of the notable techniques and tools in this domain, including SysWhispers, Tartarus Gate, Perun’s Fart, Hell’s Gate, Hell’s Hall, and more.

1. The Power of Syscalls and API Calls

Syscalls (system calls) are direct interfaces to the operating system’s kernel, allowing software to request services from the kernel. By invoking syscalls directly, malware can bypass the higher-level APIs that EDR solutions typically monitor, making detection more challenging. API (Application Programming Interface) calls, on the other hand, are a set of routines and tools for building software applications. Malware can misuse these calls or use less common APIs to evade detection.

2. SysWhispers

SysWhispers is a tool that aids in the generation of shellcode that invokes syscalls directly. By doing so, it can bypass security products that monitor API calls. SysWhispers provides a bridge between current red team tooling and direct syscall execution to enhance evasion.

3. Tartarus Gate

Tartarus Gate is a sophisticated technique that dives deep into the realm of syscalls. It’s a method that leverages the power of syscalls to execute code and manipulate processes, all while staying under the radar of most EDR solutions.

4. Perun’s Fart

Named after the Slavic god of thunder, Perun’s Fart is a technique that focuses on finding a fresh, unhooked copy of ntdll without reading it from the disk. The idea is to exploit the brief window between a new process’s instantiation and the moment AV/EDR tools inject their hooks.

5. Hell’s Gate and Hell’s Hall

Hell’s Gate and Hell’s Hall are techniques that revolve around dynamic system call invocation. By leveraging these methods, attackers can execute syscalls dynamically, making it harder for EDR solutions to detect malicious activities.
