Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
4 item(s) found so far for this keyword.
Detecting Running Process: EnumProcess API Sandbox Evasion Anti-Debugging Anti-Monitoring
Anti-monitoring is a technique used by malware to prevent security professionals from detecting and analyzing it. One way that malware can accomplish this is by using the EnumProcess function to search for specific processes, such as ollydbg.exe or wireshark.exe, which are commonly used by security professionals to monitor and analyze running processes on a system.
By detecting these processes …
Bad String Format Anti-Debugging
Bad string format is a technique used by malware to evade detection and analysis by OllyDbg, a popular debugger used by security researchers and analysts. This technique involves using malformed strings that exploit a known bug in OllyDbg, causing the debugger to crash or behave unexpectedly.
For example, the malware may use a string with multiple %s inputs, which …
CsrGetProcessID Anti-Debugging
This function is undocumented within OpenProcess. It can be used to get the PID of CRSS.exe, which is a SYSTEM process. By default, a process has the SeDebugPrivilege privilege in their access token disabled.
However, when the process is loaded by a debugger such as OllyDbg or WinDbg, the SeDebugPrivilege privilege is enabled. If a process is able …
Detecting Window with FindWindow API Anti-Debugging Anti-Monitoring
The FindWindowA / FindWindowW function can be used to search for windows by name or class.
It is also possible to use EnumWindows API in conjunction with GetWindowTextLength and GetWindowText to locate a piece of string that could reveal the presence of a known debugger.
Some Known Debuggers
- ImmunityDebugger
- OllyDbg
- IDA
- x64dbg / …