@lhebs

Marcos Alvares

@lhebs

What we understand well enough to explain to a computer.

Joined December 2025

About

Nothing here yet.

Available for

Nothing here yet.

Marcos Alvares's blogs

m.alvar.esm.alvar.es7 posts

Articles Comments

Recently published

MAMarcos Alvaresm.alvar.esJan 26 · 1 min read

[Anti-Analysis] Watching Memory Regions using GetWriteWatch API

I have been exploring some anti-debug techniques listed in the CheckPoint Anti-Debug Knowledge Base. This one really caught my attention. It uses the Kernel32.GetWriteWatch API to detect changes to a

MAMarcos Alvaresm.alvar.esJan 18 · 1 min read

[Anti-Analysis] Abusing CloseHandle API

The documentation of CloseHandle states the following: If the application is running under a debugger, the function will throw an exception if it receives either a handle value that is not valid or a

MAMarcos Alvaresm.alvar.esJan 14 · 1 min read

[Anti-Analysis] Unhandled Exception Filters

Here's another technique for my anti-analysis collection! It uses an Exception Handler and an induced exception to detect debuggers. A handler is registered using the kernel32.SetUnhandledExceptionFil

MAMarcos Alvaresm.alvar.esJan 11 · 1 min read

[Cheatsheet] Userland WinDbg

I do not need to use WinDbg for userland debugging that often BUT when I need to use it I REALLY need to use it! \O/ I keep forgetting some of the commands and the references I find online are often missing something or just too complex (Microsoft’s ...

MAMarcos Alvaresm.alvar.esDec 31, 2025 · 9 min read

[Tool] Messing Around with Gepetto

Recently, I discovered this IDAPro plugin called Gepetto [1]. It connects IDA to LLMs and assists in annotating disassembled code interactively directly from the UI. You can simply right-click on a decompiled function’s name and ask Gepetto to explai...

Marcos Alvares

About

Available for

Marcos Alvares's blogs

Recently published

[Anti-Analysis] Watching Memory Regions using GetWriteWatch API

[Anti-Analysis] Abusing CloseHandle API

[Anti-Analysis] Unhandled Exception Filters

[Cheatsheet] Userland WinDbg

[Tool] Messing Around with Gepetto

Search Hashnode

Marcos Alvares

About

Available for

Marcos Alvares's blogs

Recently published

[Anti-Analysis] Watching Memory Regions using GetWriteWatch API

[Anti-Analysis] Abusing CloseHandle API

[Anti-Analysis] Unhandled Exception Filters

[Cheatsheet] Userland WinDbg

[Tool] Messing Around with Gepetto