github.com/MatheuZSecurity/U… Hey guys, I posted a really cool zine in pure TXT about Unhooking Linux EDR, attacking the cleanup_module function, to be able to remove any hook from an EDR, for example. Feel free to read.

Apr 2, 2025 · 12:03 PM UTC

Replying to @MatheuzSecurity
Whoa, this is wild—unhooking EDRs like that is clever! I’ve been digging into kernel stuff lately too. Ever tried messing with kprobes for this? Just sent you a little something in DMs you might like—check it out when you can!
Replying to @MatheuzSecurity
kprobes/uprobes?