
EDR Systems Increasingly Use Call Stack Tracing to Detect Malicious Activities
EDR (Endpoint Detection and Response) systems increasingly use call stack tracing to detect malicious activity and make an attacker's work harder. This article explains how this detection method works and describes strategies for masking NTAPI calls so that they are not flagged by an EDR, even when the EDR unwinds the call stack.