API Unhooking with Perun's Fart
Pre-requisites To fully understand this topic, one needs to have some knowledge about the following concepts:
Little bit of C++ programming Some knowledge of API hooking by AV/EDR software Basic understanding of the PE structures Basic knowledge about Win32 APIs and their workings Introduction Recently, while going through some malware evasion techniques, I came across a very new and uncommon technique, called Perun’s Fart in a Blog by Sektor7. This is a novel technique, which primarily focuses on retrieving a fresh unhooked copy of the ntdll.