syscalls | Sevro Security

Oct 14 2020

Alaris | A Protective Loader

in assembly, C++, Defender Bypass, EDR Bypass, Shellcode Loader, syscalls

To date, we've reviewed techniques such as shellcode loading and encryption, circumventing detection, and building in our own syscalls. Today, I'm releasing Alaris, a new shellcode loader that will utilize many of the previous techniques discussed within this blog as well as add a few new...

Read more

6

Apr 13 2020

Process Injection Part 2 | QueueUserAPC()

in assembly, AV Bypass, Code Execution, Process Injection, Shellcode, syscalls, Sysmon, System Calls

Low Level Process Injection using QueueUserAPC() via direct x86 asm syscalls to bypass AV, EDR, and Sysmon....

Read more

1

Apr 08 2020

Process Injection Part 1 | CreateRemoteThread()

in assembly, C++, Process Injection, syscalls, Sysmon, System Calls

Process Injection using Direct Syscalls and CreateRemoteThread...

Read more

4