atrielienz@lemmy.world to

Technology@lemmy.worldEnglish · 2 days ago

Windows Defender Anti-virus Bypassed Using Direct Syscalls & XOR Encryption

cybersecuritynews.com

103

Windows Defender Anti-virus Bypassed Using Direct Syscalls & XOR Encryption

cybersecuritynews.com

atrielienz@lemmy.world to

Technology@lemmy.worldEnglish · 2 days ago

Windows Defender Antivirus Bypassed Using Direct Syscalls & XOR Encryption

cybersecuritynews.com

A new sophisticated method to bypass Microsoft's Windows Defender antivirus protection by combining direct syscalls with XOR encryption techniques.

“According to the research published by Hackmosphere, the technique works by avoiding the conventional execution path where applications call Windows API functions through libraries like kernel32.dll, which then forwards requests to ntdll.dll before making the actual system call to the kernel.”

Additional Information:

https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-1/

https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-2/

Chat

Quazatron@lemmy.world
link
fedilink
English
arrow-up
13·
2 days ago
That’s how it was done in the old days to save a few cycles in Z80 assembly. XOR A instead of LD A, 0.
- InverseParallax@lemmy.world
  link
  fedilink
  English
  arrow-up
  3·
  2 days ago
  I use that daily in my accelerator work.
  
  Once you learn the trick, you just use it naturally.

Technology@lemmy.world

technology@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

5.07K users / day
10.5K users / week
20.6K users / month
37.3K users / 6 months
1.01K local subscribers
68.7K subscribers
14.8K Posts
594K Comments
Modlog