HTTP 200 OK
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"count": 68,
"next": null,
"previous": "https://unprotect.it/api/featured_api/?format=api",
"results": [
{
"url": "https://unprotect.it/api/featured_api/447/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "EnumResourceNamesW",
"ref_link": null,
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/471/?format=api",
"library": {
"id": 27,
"name": "ole32.dll",
"description": ""
},
"name": "OleGetClipboard",
"ref_link": null,
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/593/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "AddVectoredExceptionHandler",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/errhandlingapi/nf-errhandlingapi-addvectoredexceptionhandler?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "The AddVectoredExceptionHandler function is used to register a vectored exception handler in a Windows program. This function allows a developer to specify a function to be called when an exception occurs in the program. The function takes two parameters:\r\n\r\nFirst: an integer value that specifies the order in which the handler should be called. If this parameter is nonzero, the handler is the first to be called, otherwise, it is the last to be called.\r\n\r\nHandler: a pointer to the handler function that should be called. This function should take one parameter, which is a pointer to an EXCEPTION_POINTERS structure that contains information about the exception.\r\n\r\nIf the function succeeds, it returns a handle to the exception handler. If it fails, it returns NULL.",
"featured_in": [
{
"id": 212,
"name": "INT 0x2D",
"url": "https://unprotect.it/technique/int-0x2d/"
},
{
"id": 214,
"name": "Trap Flag",
"url": "https://unprotect.it/technique/trap-flag/"
},
{
"id": 340,
"name": "AddVectoredExceptionHandler",
"url": "https://unprotect.it/technique/addvectoredexceptionhandler/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/603/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "InternetOpenW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetopenw?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/604/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "InternetConnectW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetconnectw?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/606/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "FtpOpenFileW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-ftpopenfilew?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/607/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "InternetWriteFile",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetwritefile?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/608/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "InternetReadFile",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetreadfile?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/610/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "FtpGetCurrentDirectoryW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-ftpgetcurrentdirectoryw?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/613/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "InternetOpenA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetopena?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/614/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "InternetConnectA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetconnecta?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/616/?format=api",
"library": {
"id": 29,
"name": "Wininet.dll",
"description": ""
},
"name": "FtpOpenFileA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-ftpopenfilea?WT_mc_id=DSEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/620/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CreateNamedPipeW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-createnamedpipew?WT_mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 357,
"name": "SMB / Named Pipes",
"url": "https://unprotect.it/technique/smb-named-pipes/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/621/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CreateNamedPipeA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea?WT_mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 357,
"name": "SMB / Named Pipes",
"url": "https://unprotect.it/technique/smb-named-pipes/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/622/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "ConnectNamedPipe",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-connectnamedpipe?WT_mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 357,
"name": "SMB / Named Pipes",
"url": "https://unprotect.it/technique/smb-named-pipes/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/624/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CallNamedPipeW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-callnamedpipew?WT_mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 357,
"name": "SMB / Named Pipes",
"url": "https://unprotect.it/technique/smb-named-pipes/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/625/?format=api",
"library": {
"id": 2,
"name": "NTDLL.DLL",
"description": ""
},
"name": "NtQueryInformationProcess",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess",
"from_msdn": true,
"caution_level": "high",
"description": "GPT\r\nThe NtQueryInformationProcess function, along with the data structures it provides, are internal to Windows and can change with different versions of the operating system. To ensure your application remains compatible, it's better to use the public functions recommended in the ProcessInformationClass parameter's description.\r\n\r\nIf you still choose to use NtQueryInformationProcess, access it through run-time dynamic linking. This method allows your code to adapt if the function is altered or removed in future Windows releases. Be aware, though, that changes in the function's signature might not be detectable.\r\n\r\nThis function isn't included in any import library. To use it, you need to dynamically link to Ntdll.dll using the LoadLibrary and GetProcAddress functions.",
"featured_in": [
{
"id": 358,
"name": "Process Argument Spoofing",
"url": "https://unprotect.it/technique/process-argument-spoofing/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/629/?format=api",
"library": {
"id": 2,
"name": "NTDLL.DLL",
"description": ""
},
"name": "NtDelayExecution",
"ref_link": "http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FThread%2FNtDelayExecution.html",
"from_msdn": false,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 371,
"name": "NtDelayExecution",
"url": "https://unprotect.it/technique/ntdelayexecution/"
}
]
}
]
}
