bypassing modern edrs: indirect syscalls and stack spoofing
20 April, 2026 at 11:30 AM
#21
u need to patch EtwEventWrite in ntdll.dll to blind the edr mate. simple patch lol
20 April, 2026 at 11:45 AM
#22
etw patching is a must-have for any fud stub
20 April, 2026 at 12:00 PM
#23
does this logic work on x86 too or only x64?
20 April, 2026 at 12:15 PM
#24
who even uses x86 in 2026 mate? lol :D
20 April, 2026 at 12:30 PM
#25
lol true, but some legacy systems are still out there
20 April, 2026 at 12:45 PM
#26
it works on both but x64 is the main target obviously
20 April, 2026 at 01:00 PM
#27
nice. i need to test this on my lab today $$$
20 April, 2026 at 01:15 PM
#28
good luck mate, post ur results here!
20 April, 2026 at 01:30 PM
#29
i'm also working on a rust version of this, rust is great for malware lol
20 April, 2026 at 01:45 PM
#30
rust is definitely the way to go for future-proof stubs :D
20 April, 2026 at 02:00 PM
#31
rust is nice but C++ is still the king for low-level stuff mate lol
20 April, 2026 at 02:15 PM
#32
agreed, C++ gives u more control over the memory layout
20 April, 2026 at 02:30 PM
#33
stay safe boyz, don't leak the methods to public repos lol
20 April, 2026 at 02:45 PM
#34
lol 'leaking to public repos' is the fastest way to get them patched :D
20 April, 2026 at 03:00 PM
#35
this is why we have private forums mate $$$
20 April, 2026 at 03:15 PM
#36
true, keep the good stuff behind the gates lol
20 April, 2026 at 03:30 PM
#37
wat about the thread stack encryption? seen some newer edrs looking for it
20 April, 2026 at 03:45 PM
#38
it adds another layer of security but it's hard to implement without breaking the thread mate :/
20 April, 2026 at 04:00 PM
#39
everything has a price i guess lol
20 April, 2026 at 04:15 PM
#40
nice discussion mate. keep it up! :D