Operator On The Wire

Evasion

AMSI Bypass

  • AmsiScanBuffer
  • AmsiScanString

ETW Patching

  • EtwEventWrite
  • EtwEventRegister

Unhooking / Clean NTDLL

  • GetModuleHandle
  • GetProcAddress
  • VirtualProtect
  • NtProtectVirtualMemory

Debugger Evasion

  • IsDebuggerPresent
  • CheckRemoteDebuggerPresent
  • NtQueryInformationProcess
  • OutputDebugStringA
  • NtSetInformationThread
  • AddVectoredExceptionHandler