• Home
  • Search
  • Map
  • Resources
    Technique List Snippet List Detection Rule List
  • About
  • API

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Random is cool

Search Result

3 item(s) found so far for this keyword.

EventPairHandles Anti-Debugging

An EventPair Object is an event constructed by two _KEVENT structures which are conventionally named High and Low.

There is a relation between generic Event Objects and Debuggers because they must create a custom event called DebugEvent able to handle exceptions. Due to the presence of events owned by the Debugger, every information relative to the events of a normal …

Clear Windows Event Logs Anti-Forensic Defense Evasion [Mitre]

Event logging provides a standard, centralized way for applications (and the operating system) to record important software and hardware events. The event logging service records events from various sources and stores them in a single collection called an event log.

Event logs can be very useful for investigating a computer after an intrusion and understanding the actions taken by an …

CloseHandle, NtClose Anti-Debugging

When a process is debugged, calling NtClose or CloseHandle with an invalid handle will generate a STATUS_INVALID_HANDLE exception.

The exception can be cached by an exception handler. If the control is passed to the exception handler, it indicates that a debugger is present.

Made with in 🇫🇷 © 2022. The #UnprotectProject

Terms And Conditions

Contribute