This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 6.2 of Examining Self-Defending Malware
API-based detection (IsDebuggerPresent, NtQueryInformationProcess), PEB-based detection (BeingDebugged, NtGlobalFlag, heap flags), timing checks, 0xCC self-scan, debug register detection, TLS callbacks, and the bypass priority sequence.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
ScyllaHide — Complete Anti-Debug Bypass Plugin
Open-source x64dbg plugin defeating PEB checks, NtQueryInformationProcess, timing, and debug register queries simultaneously.
MITRE ATT&CK — Debugger Evasion (T1622)
ATT&CK technique for debugger evasion with documented real-world procedure examples from threat actor tools.
Quadrant 4 · Self-Assessment
Examining Self-Defending Malware
Covers anti-debugging techniques, virtual machine and sandbox detection, protection of embedded data, code misdirection, and advanced unpacking methodologies.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.