#windows
Read more stories on Hashnode
Articles with this tag
Abusing Unhandled Exception filters to detect debuggers · Here's another technique for my anti-analysis collection! It uses an Exception Handler and an...
I do not need to use WinDbg for userland debugging that often BUT when I need to use it I REALLY need to use it! \O/ I keep forgetting some of the...
Recently, I’ve been reversing this first-stage that dynamically loads a copy of ntdll.dll in order to hide malicious behavior from Sandboxes and EDRs....
![[Anti-Analysis] Unhandled Exception Filters](https://cdn.hashnode.com/res/hashnode/image/upload/v1767116241392/cf80fe63-eec7-4442-afa6-4ea7f3c937c1.jpeg?w=1600&h=840&fit=crop&crop=entropy&auto=compress,format&format=webp)
![[Cheatsheet] Userland WinDbg](https://cdn.hashnode.com/res/hashnode/image/upload/v1768170826430/ea918a0e-302f-4cd5-a61f-c72fd7e00af2.jpeg?w=1600&h=840&fit=crop&crop=entropy&auto=compress,format&format=webp)
![[Tool] Quick Snip to Detect ntdll.dll](https://cdn.hashnode.com/res/hashnode/image/upload/v1767128393992/4d706808-86ae-40d2-b1fc-cabbcdf0fccb.jpeg?w=1600&h=840&fit=crop&crop=entropy&auto=compress,format&format=webp)