Nov 10, 2023, 02:52 PM
(This post was last modified: Nov 10, 2023, 02:59 PM by s4ltyt04st.)
Hey there,
I've been developing some malware trying to bypass Cortex's XDR. I have a malware that creates a process and injects a payload into it, I do all this whith syscalls (without the command syscall in my asm code, I do a jump in a memory space where I know that is an instruction syscall and a ret), but Cortex still catching my malware by "Behaviour".
Does anyone now how can Cortex catch this if I ain't using the ntdll.dll so Cortex shouldn't been able to see my actions?
Thanks.
I've been developing some malware trying to bypass Cortex's XDR. I have a malware that creates a process and injects a payload into it, I do all this whith syscalls (without the command syscall in my asm code, I do a jump in a memory space where I know that is an instruction syscall and a ret), but Cortex still catching my malware by "Behaviour".
Does anyone now how can Cortex catch this if I ain't using the ntdll.dll so Cortex shouldn't been able to see my actions?
Thanks.