@yarden_shafir
Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't.
@aionescu and I wrote about these!
windows-internals.com/dkom-now-with-…

red plait
@real_redp
Feb 4
if I understood correctly we need to check only links without name (bcs LinkTarget in union with Callback)

Yarden Shafir
@yarden_shafir
Feb 4
Yes, that's true :)

Oliver Baumgart
@OliverBaumgart
Feb 2
Can't wait for Part 2... Very nice find!

Asa Hunt
@AsaHunt89
4 h
Good question... I'm gonna send this to our detection engineers and find out though!