[Anti-Analysis] Watching Memory Regions using GetWriteWatch API
m.alvar.es, Jan 26, 1 min read
I have been exploring some anti-debug techniques listed in the CheckPoint Anti-Debug Knowledge Base. This one really caught my attention. It uses the Kernel32.GetWriteWatch API to detect changes to a

[Anti-Analysis] Abusing CloseHandle API
m.alvar.es, Jan 18, 1 min read
The documentation of CloseHandle states the following: If the application is running under a debugger, the function will throw an exception if it receives either a handle value that is not valid or a

[Anti-Analysis] Unhandled Exception Filters
m.alvar.es, Jan 14, 1 min read
Here's another technique for my anti-analysis collection! It uses an Exception Handler and an induced exception to detect debuggers. A handler is registered using the kernel32.SetUnhandledExceptionFil

[Cheatsheet] Userland WinDbg
m.alvar.es, Jan 11, 1 min read
I do not need to use WinDbg for userland debugging that often BUT when I need to use it I REALLY need to use it! \O/ I keep forgetting some of the commands and the references I find online are often missing something or just too complex (Microsoft's ...

[Tool] Messing Around with Gepetto
m.alvar.es, Dec 31, 2025, 9 min read
Recently, I discovered this IDAPro plugin called Gepetto [1]. It connects IDA to LLMs and assists in annotating disassembled code interactively directly from the UI. You can simply right-click on a decompiled function's name and ask Gepetto to explai...