This blog post is the first part of a series on malware detection evasion techniques on Windows. In this post we look at userland API hooking techniques employed by various security products and at ways to identify and bypass them, and we disclose our novel unhooking technique, Whisper2Shout. The research was conducted by Dimitri Di Cristofaro (GlenX) from SECFORCE and myself, Giorgio Bernardinetti (gbyolo).

The original blog post was published by SECFORCE LTD and is available here.

Do not hesitate to contact us with any questions, suggestions or improvements!