Sanctum is a proof-of-concept EDR-like tool, designed to detect modern malware techniques above and beyond the capabilities of antivirus. Built in Rust.
As one of the first actions for the DLL, and since the implementation could be a little tricky, just do a POC for receiving a jmp from a syscall and then returning execution to the main application.
Technical notes
Does this need to execute the syscall ourselves, or can execution be passed straight back?