GET /api/techniques/107/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 107,
"key": "ntsetdebugfilterstate",
"unprotect_id": "U0103",
"name": "NtSetDebugFilterState",
"description": "The `NtSetDebugFilterState` and `DbgSetDebugFilterState` functions are used by malware to detect the presence of a kernel mode debugger. These functions allow the malware to set up a debug filter, which is a mechanism that can be used to detect and respond to the presence of a debugger.\r\n\r\nWhen a kernel mode debugger is present, the debug filter will be triggered, and the malware can then take actions to evade detection and continue to operate. This technique is commonly used by malware to avoid analysis by security researchers and avoid being detected by security software. By using these functions, the malware can operate stealthily and evade detection, making it difficult for analysts to reverse engineer the malware and understand its capabilities and behaviors.",
"resources": "",
"creation_date": "2019-03-23T17:00:59Z",
"tags": "NtSetDebugFilterState,\r\nDbgSetDebugFilterState,\r\nKernel mode debugger detection,\r\nDebug filter,",
"modification_date": "2022-12-06T09:47:13.926000Z",
"category": [
3
],
"rules": [
66
],
"attachments": [
"b913237e-4937-4062-9187-b752a00d818c"
],
"featured_api": [
376,
425
],
"contributors": []
}
