Add: hlldz/RefleXXion to Defense Evasion section

2024-10-01 07:45:36 -04:00 · 2022-01-26 15:34:17 +07:00 · 2022-01-26 15:34:17 +07:00 · a00b0de543
commit a00b0de543
parent 449ed1a563
1 changed files with 4 additions and 0 deletions
--- a/Offensive.md
+++ b/Offensive.md
@ -1320,6 +1320,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/hlldz/Invoke-Phant0m">hlldz/Invoke-Phant0m</a></td>
        <td>Windows Event Log Killer</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/hlldz/RefleXXion">hlldz/RefleXXion</a></td>
+        <td>RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/huntresslabs/evading-autoruns">huntresslabs/evading-autoruns</a></td>
        <td>Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017)</td>