Bypassing AV/EDR API Hooks | A Deep Dive into Direct System Calls | Red Teaming

Hello Everyone! In this video, we explore advanced techniques for bypassing modern Endpoint Detection and Response (EDR) systems and antivirus solutions. You'll learn how to leverage API hooks and direct system calls to execute payloads stealthily, avoiding detection by security tools. Whether you're an ethical hacker, red teamer, or cybersecurity enthusiast, this in-depth guide will provide you with practical insights into evasion tactics and stealthy execution. Enhance your understanding of modern bypass methods and take your offensive security skills to the next level. Timestamps: 0:00 Intro 1:24 Intro to syscalls and direct syscalls 4:00 Practical usage of a syscall 6:33 How EDRs hook WinAPI calls 10:12 Setting up our development env 14:51 Setting up function prototype and custom syscall stubs 27:21 Remote Process Injection using a shellcode 30:00 Final POC Resources : Link to the slide used in the video : https://drive.google.com/file/d/1ShR2... Github repo of the POCs used in the video : https://github.com/Vedant-Bhalgama/Di... Further References of syscalls and Direct System Calls : https://www.outflank.nl/blog/2019/06/... https://redops.at/en/blog/direct-sysc... https://malwaretech.com/2023/12/an-in... https://www.depthsecurity.com/blog/cl... Note: All videos and tutorials are for informational and educational purposes only. I believe that ethical hacking, information security, and cybersecurity should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on this channel are only for those interested in learning about Ethical Hacking, Security, and Penetration Testing. Hacking tutorials are against the misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.