Description
AV and EDR products monitor your process by patching the first bytes of sensitive Windows API functions inside ntdll.dll. Once you understand how those hooks work, you can bypass them entirely, without ever touching the hooked code. This module covers six techniques, from direct syscalls and Hell’s Gate to surgical per-function unhooking.





