SilverPlate3/Evasion-techniques-articles
Evasion techniques 2 - PEB edition

Cynet Security


Written by: Ariel Silver

Article can be found at - https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques-peb-edition/

Intro

The article explains and demonstrates the following:

  • What the Process Environment Block (PEB) is.
  • The different ways adversaries can abuse it to evade user-mode tools and detections.
  • Live attack scenarios that show when and how malware uses these techniques.
  • The WinAPI functions and system structures (documented and undocumented) involved.
  • Most importantly, how Cynet detects this behavior.

Code

  • The full code and solutions for these techniques can be found in the code folder.
  • The code should be compiled for x64 in Release mode.
  • To understand the full code you MUST read the article: it is very detailed and goes much more in-depth than the code comments.

Previous article - https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques/

About

Articles I wrote for Cynet about evasion techniques. Links to the articles and the full source code can be found here.