[Tool] Quick Snip to Detect ntdll.dll
Recently, I’ve been reversing this first-stage that dynamically loads a copy of ntdll.dll in order to hide malicious behavior from sandboxes and EDRs. This technique has already been widely documented in open-source research [1][2][3][4][5].
Luckily...
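One way to triage for the behaviour described above, as an added example that is not the author's tool: it flags processes whose memory listing shows an ntdll.dll mapping beyond the normal loader image. The record format, the sample rows and the name `find_extra_ntdll` are constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed sample rows: (pid, process, backing file, region type), in the shape
# a memory-map listing tool might export. Not data from the original post.
SAMPLE = [
    (4120, "explorer.exe", r"C:\Windows\System32\ntdll.dll", "image"),
    (4120, "explorer.exe", r"C:\Windows\System32\kernel32.dll", "image"),
    (5332, "app32.exe", r"C:\Windows\System32\ntdll.dll", "image"),
    (5332, "app32.exe", r"C:\Windows\SysWOW64\ntdll.dll", "image"),  # normal on WoW64
    (6608, "stage1.exe", r"C:\Windows\System32\ntdll.dll", "image"),
    (6608, "stage1.exe", r"C:\Windows\System32\ntdll.dll", "mapped"),
    (7004, "loader.exe", r"C:\Windows\System32\ntdll.dll", "image"),
    (7004, "loader.exe", r"C:\Users\Public\ntdll.dll", "image"),
]

# Directories the Windows loader maps ntdll.dll from (64-bit and WoW64 copies).
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def find_extra_ntdll(records):
    """Return {pid: [reason, ...]} for processes with an unexpected ntdll.dll mapping."""
    seen = defaultdict(list)
    for pid, _proc, path, rtype in records:
        if ntpath.basename(path).lower() == "ntdll.dll":
            seen[pid].append((ntpath.dirname(path).lower(), rtype.lower()))

    findings = {}
    for pid, maps in seen.items():
        reasons = []
        for directory, rtype in maps:
            if rtype != "image":
                # File-backed data mapping of ntdll.dll: a copy outside the loader.
                reasons.append(f"ntdll.dll present as a {rtype} region, not a loader image")
            elif directory not in EXPECTED_DIRS:
                reasons.append(f"ntdll.dll image loaded from {directory}")
        # One image per system directory is normal; more than one is a duplicate.
        image_dirs = [d for d, t in maps if t == "image"]
        for directory in sorted(set(image_dirs)):
            if image_dirs.count(directory) > 1:
                reasons.append(f"{image_dirs.count(directory)} ntdll.dll images from {directory}")
        if reasons:
            findings[pid] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in find_extra_ntdll(SAMPLE).items():
        print(pid, reasons)
```

A path-based check like this only sees file-backed mappings; a copy read from disk into private memory needs a content-based check instead.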