• Home
  • Search
  • Map
  • Scan
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • API
    • Unprotect API
    • API Documentation
  • Avatar Login

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Clear

Search Result

13 item(s) found so far for this keyword.

Tamper DLL Export Names & GetProcAddress Spoofing Process Manipulating

When a process is running, it is possible to change the results of the call to GetProcAddress API, for the exported functions of a module along with modifying the export's offsets and name at runtime.

For example, the offset of kernel32.dll's function VirtualAlloc can be change to the offset of another function. When VirtualAlloc is called (after getting its …

Al-Khaser_WriteWatch Anti-Debugging

Default invalid parameter values of Al-Khaser's Anti-Debug technique (VirtualAlloc/MEM_WRITE_WATCH). Used for checking API hooks in debuggers/sandboxes.

Indirect Memory Writing Antivirus/EDR Evasion

In code-injection scenarios, for example, when a loader places a payload into memory for execution, many antimalware engines detect or block malicious activity at the moment the payload bytes are written into the newly allocated executable memory region. Attackers may try to evade such detection by avoiding direct writes to new memory region and instead relying on other, legitimate Windows …

  • 1
  • 2

The #UnprotectProject is brought to you by 🇫🇷 DarkCoderSc and 🇫🇷 fr0gger_

Terms And Conditions | Cookie Policy | Cookies preferences | GDPR

Contribute Now