In 2021, I wrote about section hashing, a popular anti-debugging technique to detect software breakpoints.
https://malwareandstuff.com/catching-debuggers-with-section-hashing/
#malware #reverseengineering #cybersecurity #infosec #antidebug
okay, this is my favorite goofy linux antidebug trick so far. catches gdb and lldb, and especially with a bit more obfuscation (e.g. mmap a *file* RW there, move the stack up a bunch so that it overlaps w/ the mmapped file, write to that file to corrupt your own stack, 😸 ) it can be, i think, pretty annoying to figure out
link *statically*
#antidebug #antidebugging
Came across a reference called "The 'Ultimate' Anti-Debugging Reference" by Peter Ferrie from 2011 yesterday.
Although dated, it contains some of the easiest-to-understand explanations of many anti-debugging techniques that I've seen so far.
The original link is down, but thankfully it's been archived and I'm a sucker for preservation, so I thought I'd share it here.
https://web.archive.org/web/20190608123534/http://pferrie.host22.com/papers/antidebug.pdf
Rewriting ntdll functions to bypass simple user-mode hooks (antidebug) https://secrary.com/Random/BypassUserHooks/ #windows #reverseengineering #antidebug https://t.co/8Tvz8KlFm5
Anti-debug with VirtualAlloc's write watch https://github.com/gsuberland/al-khaser/blob/write-watch/al-khaser/Anti%20Debug/WriteWatch.cpp #windows #antidebug #reverseengineering