Detecting analysis environments
Collection of evasion tricks for anti-analysis and bypassing automated sandbox analysis. Works particularly well against platforms like VirusTotal.
Simply put, DLL hijacking refers to tricking a legitimate application into loading an arbitrary DLL. There are various approaches to achieving this, and we will go over some of these in this article.
Article coming soon.
In this article we will go over the basic concept of process injection: what it consists of, along with a few examples.
Manual implementation of GetModuleHandle and GetProcAddress via a PEB walk and PE parsing.