#hooks
Read more stories on Hashnode
Articles with this tag
Recently, I’ve been reversing this first-stage that dynamically loads a copy of ntdll.dll in order to hide malicious behavior from Sandboxes and EDRs....
![[Tool] Quick Snip to Detect ntdll.dll](https://cdn.hashnode.com/res/hashnode/image/upload/v1767128393992/4d706808-86ae-40d2-b1fc-cabbcdf0fccb.jpeg?w=1600&h=840&fit=crop&crop=entropy&auto=compress,format&format=webp)