#anti-analysis
Articles with this tag
Protecting Code and Uncovering Debuggers by Watching Memory · I have been exploring some anti-debug techniques listed in the CheckPoint Anti-Debug...
Detecting debugger by inspecting Kernel32.CloseHandle's output. · The documentation of CloseHandle states the following: If the application is running...
Abusing Unhandled Exception filters to detect debuggers · Here's another technique for my anti-analysis collection! It uses an Exception Handler and an...
Recently, I’ve been reversing this first-stage that dynamically loads a copy of ntdll.dll in order to hide malicious behavior from Sandboxes and EDRs....