Tag: OdinLdr

OdinLdr: Cobaltstrike Reflective Loader with Synthetic Stackframe
OdinLdr is a Cobaltstrike UDRL for beacon and post-ex tools. It uses NtApi calls with a synthetic stackframe to confuse EDRs that rely on stackframe detection. Beacon: uses the BeaconUserData structure to give memory information to beacon and allocate memory for BOF & Sleepmask. This UDRL allocates a memory region as RW for beacon, copies the virtual beacon and patches IAT/reloc, then correct…