Hardware Breakpoints for Malware

Our task is to trivially hook functions and diver the code flow as needed, and
finally remove the hook once it is no longer need...

Check out my article for Vx-Underground: Black Mass Volume 1; I discuss various aspects and use cases of hardware breakpoints; including userland evasion techniques (TamperingSyscalls2). You can find the associated code under my Github with C and C++ implementations.


Popular posts from this blog

Detecting Indirect Syscalls from Userland, A Naive Approach.

D-Generating EDR Internals, Part 1