Tuesday, October 19, 2021

Detect-Hooks: Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR

Detect-Hooks is a proof of concept Beacon Object File (BOF) that attempts to detect userland API hooks in place by AV/EDR. The BOF will return a list of detected API hooks or let the operator know no hooks were detected. This can be useful knowledge to have before performing certain post-exploitation actions. This BOF is only a slight modificaiton of the work already done by @spotheplanet which can be found on their ired.team blog below.

This tool wouldn’t exist without bein…

Read More

Latest news
Related news