WNF Chronicles I: Introduction
WNF is a kernel component used internally to send notifications across the system, which can be abused to achieve malicious goals.
In today's post we will talk about how most AV/EDRs detect malicious behaviours and a really interesting way to bypass them. PEzor is a tool developed by @phra which I have analyzed to understand how Direct System Calls can be used for this purpose.