Howdy all! Long time no updates. Sorry about that, the life of the AV reverse engineer is a busy one, but busy is good right? Anywho, I come bearing gifts. An anti-debugger trick I learned (while coding skiddy AV tool). The way it works is simple – under normal circumstances, the working set (amount of […]

Howdy all! It’s been a dog’s age. I’ve been busy with work and personal things. I enjoyed a brief 3 month relationship only to return to a life of loneliness. For now anyways. CactusCon went well. Had a nice turn out for my work shop. Hopefully the attendees learned something as I tried to make […]

I came across this one individual’s page whom is an avid reverse engineer with some great material. Check out his pdf cheat sheet on anti-debugging. There were a few in there I didn’t know about like the ‘csr’ trick which involves calling an undocumented ‘CsrGetProcessId’ function within OpenProcess. CsrGetProcessId is a native API that returns […]