13 Apr, 2022

On-Disk Detection

Hi everyone, today I am going to explain some techniques to bypass AV/EDR’s static as well as dynamic detection. The main focus is to bypass on-disk detection of binary which is using direct syscalls. As a red teamer and security guy, I always try to find new stealthy methods to bypass security controls. My offensive approach can help blue team to mitigate these threats. As I always mention one thing in my blogs that “Offense is the best defense”. Before starting I want to recall that I have mentioned some techniques in my previous blog to bypass AV/EDR security solutions like random procedures names, strong encryption, direct syscalls and API hashing. More