GET /api/techniques/108/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 108,
"key": "guard-pages",
"unprotect_id": "U0102, B0006.006",
"name": "Guard Pages",
"description": "Memory breakpoints are a technique used by malware to detect if a debugger is present. This technique involves setting up a \"guard page\" in memory, which is a page of memory that is protected by the operating system and cannot be accessed by normal code. If a debugger is present, the malware can use this guard page to detect its presence.\r\n\r\nThis technique works by putting a return address onto the stack, then accessing the guard page. If the operating system detects that the guard page has been accessed, it will raise a STATUS_GUARD_PAGE_VIOLATION exception. The malware can then check for this exception, and if it is present, it can assume that no debugging is taking place. This allows the malware to evade detection and continue to operate without being interrupted by a debugger.",
"resources": "http://antukh.com/blog/2015/01/19/malware-techniques-cheat-sheet/",
"creation_date": "2019-03-23T17:05:57Z",
"tags": "Memory breakpoints,\r\nGuard pages,\r\nDebugger detection,\r\nSTATUS_GUARD_PAGE_VIOLATION,",
"modification_date": "2023-10-04T10:44:17.143000Z",
"category": [
3
],
"rules": [
68
],
"attachments": [],
"featured_api": [
3,
363,
422
],
"contributors": []
}
