Skip to content

SolomonSklash/UnhookingPOC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
UnhookingPOC
UnhookingPOC
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

UnhookingPOC

A small overly well-commented POC for removing API hooks placed by AV/EDR.

Overview

This repo is a small proof of concept for removing AV/EDR hooks in a given DLL, in this case ntdll.dll. It was originally written by @spotless and is located here. Thanks spotless!

I made few small changes in functionality and added many new comments and documentation of the process and the involved functions. This is mainly to help myself gain a better understanding of how to defeat API hooks and hopefully the comments will help others as well.

It was written to accompany my blog post here.

About

A small commented POC for removing API hooks placed by AV/EDR.

Resources

Readme
Activity

Stars

34 stars

Watchers

2 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages