research poc
Offensive Programming with Nim: EDR Evasion via Direct Syscalls and UnhookingNim-EDR-Evasion-Direct-Syscalls
A research proof-of-concept demonstrates using the Nim programming language to evade EDR detection by disabling AMSI and ETW, invoking NT system calls directly, and unhooking ntdll.dll. The article provides a technical walkthrough for educational purposes, highlighting how these techniques can bypass user-mode API monitoring.