Tuesday, October 19, 2021

Shellcode Detection Using Real-Time Kernel Monitoring


The tools used to load code into memory have changed a lot recently. I have seen this evolution in shellcode, manually mapped images and other code-execution methods. Some of these techniques must first circumvent mitigations imposed by the operating system, for example by bypassing AMSI, disabling writes to the Event Log, or evading the user-space hooks placed by EDRs, so that they are not detected.

A typical use case used by attackers …
