Ekko_CFG_Bypass A PoC for adding NtContinue to the CFG allowed list in order to make callback-based sleep obfuscation techniques work in a CFG protected process. Use the markCFGValid_std function to call SetProcessValidCallTargets and the markCFGValid_nt function to call NtSetInformationVirtualMemory. https://github.com/IcebreakerSecurity/Ekko_CFG_Bypass t.me/hackgit 455 views10:13
