An open API service indexing awesome lists of open source software.

https://github.com/silverplate3/evasion-techniques-articles

Articles I wrote for Cynet about Evasion techniques. Link to the articles and the full source code can be found here
https://github.com/silverplate3/evasion-techniques-articles

Last synced: 9 days ago
JSON representation

Articles I wrote for Cynet about Evasion techniques. Link to the articles and the full source code can be found here

Awesome Lists containing this project

README

          

# Evasion techniques 2 - PEB edition
## Cynet Security

[![Cynet-removebg-preview](https://user-images.githubusercontent.com/93097769/182520121-71f8b132-99b3-4779-95b9-599226829d86.png)](https://www.cynet.com/)

Written by: Ariel Silver

Article can be found at - https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques-peb-edition/

# Intro
The article explains and shows the following
- What is the Process Environment Block
- Different ways adversaries can exploit it in order to evade user-mode tools and detections.
- Live attack scenarios that show when and how malwares should use it.
- WinAPI's and system structures (documented and undocumented) that must be used.
- Most important, how Cynet detects this bevavior.

# Code
- The full code and solutions for these techniqes can be found in the code folder.
- The code should be compiled in x64 Relsease mode.
- In order to understand the full code you MUST read the article, as it's very detailed and much more in-depth then the code comments.

Previous article - https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques/