Bypassing EDR detection through Hookchain

Keywords
HookChain; EDR; Indirect Syscalls; Dynamic SSN Resolution; IAT Hooking

Abstract
Cyberattacks are evolving at an alarming rate and now represent one of the biggest challenges
worldwide. Their impacts are manifold, and there is a pressing need to create advanced security
frameworks. Endpoint Detection and Response (EDR) is a cutting-edge technology that can
defend against threats, leveraging techniques such as behavioral analysis, machine learning,
and real-time monitoring. Although it is used by many organizations, it still has several gaps, and
according to a study by Helvio Junior, there is still room for improvement.
This work was mainly based on the study of the HookChain method, which bypasses the
detection of EDRs through Indirect Syscalls, Dynamic SSN Resolution, and IAT Hooking.
Experiments were conducted with several variants that combine the techniques included in the
HookChain method with modern obfuscation techniques, and the response of the EDRs to each
variant was recorded.