In this blog, we discuss the different approaches of AV/EDRs static analysis and detection. A legacy antivirus software was dependent on signature based detection. They calculate the hash of binary…

SystemWeakness's platform is  dedicated to cybersecurity education and awareness, offering insights into common security vulnerabilities, attack techniques, and risk mitigation strategies. Through articles, tutorials, and security advisories, SystemWeakness offers insights into securing software applications, networks, and systems from cyber threats. Readers can learn about secure coding practices, penetration testing methodologies, and incident response procedures to strengthen their cybersecurity posture and protect against cyber attacks.

System Weakness

This post details techniques to bypass static analysis by AV/EDR solutions, focusing on process environment block (PEB) walking to hide API calls and obfuscate imports. It walks through stages of developing malware to evade detection, from simple injection to advanced PEB walk and API obfuscation, highlighting the inspection process and results at each stage.

PEB Walk: Avoid API calls inspection in IAT by analyst and bypass static detection of AV/EDR