From 950e29a41c26faa353f34d027ab418cdcaab5170 Mon Sep 17 00:00:00 2001 From: Cn33liz Date: Wed, 19 Jun 2019 12:36:00 +0200 Subject: [PATCH] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b3d0dae..1079862 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ Recent malware research shows that there is an increase in malware that is using These tools demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike, while not touching disk and evading AV/EDR monitored user-mode API calls. +More info about the used techniques can be found on the following Blog: +https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/ + Two version of the code are included: An executable version and a DLL version of the code. @@ -24,7 +27,4 @@ This project is written in C and assembly. You can use Visual Studio to compile it from source. ``` -More info about the used techniques can be found on the following Blog: -https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/ - The sRDI code can be found here: https://github.com/monoxgas/sRDI \ No newline at end of file
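Review bot: the two added text lines in the first hunk read awkwardly; "More info about the used techniques can be found on the following Blog:" should be "More information about the techniques used can be found in the following blog post:" (no capital on "blog", and "on" a blog post is normally "in"). Since the README is Markdown, consider turning the bare URL into a link with descriptive text rather than a raw line, and while this passage is being edited, the neighbouring context lines "These tools demonstrates" and "Two version of the code" carry subject-verb and number errors ("These tools demonstrate", "Two versions of the code") that could be fixed in the same commit.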
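Review bot: in the second hunk the deletion takes the blank line that separated the closing ``` fence from the "The sRDI code can be found here:" paragraph, so after this patch the sRDI sentence sits directly under the fence; keep one blank line after the fence so the final paragraph is clearly outside the code block. The file also still ends with "\ No newline at end of file", which predates this change but is cheap to fix here by adding a trailing newline after the sRDI URL.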