research poc
Hit-And-Run: Bypass EDRs via VEH and Call Stack TheftHit-And-Run
A proof-of-concept technique named Hit-And-Run demonstrates how to execute system calls while evading EDR detection by combining Vectored Exception Handling (VEH) with call stack theft. The method sets hardware breakpoints to intercept execution and redirects it through a dummy function to create a legitimate-looking call stack, bypassing inline hooking and call stack analysis. This allows attackers to perform syscalls with attacker-defined parameters without triggering EDR alarms.