Update README.md
AdvDebug authored Jan 7, 2025
1 parent 6e660a3 commit c3a5f73
Showing 1 changed file with 19 additions and 1 deletion.
20 changes: 19 additions & 1 deletion README.md
@@ -13,6 +13,10 @@ A .NET Project which Contains some useful techniques to detect debugging and oth

* IsDebuggerPresent

* PEB.BeingDebugged

* PEB.NtGlobalFlag

* NtSetDebugFilterState

* Page Guard Breakpoints Detection
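Review bot: the two entries added in this hunk, `* NtSetDebugFilterState` and `* Page Guard Breakpoints Detection`, are bare names with no description, whereas the lists further down this file say what each check looks for and what a positive result means. A short clause for each (what condition is treated as "debugger present", and whether the check applies to x64, x86 or both, as the later "(for x64 and x86)" entries do) would let a reader judge the false-positive risk before enabling it.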
@@ -75,12 +79,24 @@ A .NET Project which Contains some useful techniques to detect debugging and oth

* Checking for devices created by VMs or Sandboxes

* Checking if AVX x64/x86 instructions are properly implemented to see if we are in an emulator.

* Checking for RDRAND x64/x86 instruction to see if it's properly implemented which could indicate an emulator.

* Checking for flags manipulation (for x64 and x86) checks to see if it's correctly handled.

## Anti Dll Injection

* Taking Advantage of Binary Image Signature Mitigation Policy to prevent injecting Non-Microsoft Binaries.

* Checking if any injected libraries are present (simple dlls path whitelist check)

* Thread Injection Detection

* Using PEB to change the main module info of the program which is main module name and module base address at runtime.

* Detecting process hollowing in our program by checking suspicious image base address.

## Other Detections
* Detecting if Unsigned Drivers are Allowed to Load

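Review bot: `* Checking for flags manipulation (for x64 and x86) checks to see if it's correctly handled.` has two verbs and an `it` with no referent; suggest `* Checking whether flag manipulation (x64 and x86) is handled correctly, which can indicate an emulator.` so it reads like the AVX and RDRAND bullets above it. Two smaller points in the same hunk: the `Anti Dll Injection` list mixes detections with a countermeasure (`* Using PEB to change the main module info ...`), so either retitle the section or mark that entry as a mitigation; and `* Checking if any injected libraries are present (simple dlls path whitelist check)` should say that any legitimately loaded DLL outside the whitelist (endpoint protection, accessibility tools) will also trip the check, since that is the main source of false positives for a path allowlist.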
@@ -99,7 +115,9 @@ A .NET Project which Contains some useful techniques to detect debugging and oth
## Hooks Detection
* Detecting Most Anti Anti-Debugging Hooking Methods on Common Anti-Debugging Functions by checking for Bad Instructions on Functions Addresses and it detects user-mode anti anti-debuggers like scyllahide, and it can also detect some sandboxes which uses hooking to monitor application behaviour/activity (like <a href="https://github.com/sandboxie-plus/Sandboxie">Sandboxie/Sandboxie Plus</a>, <a href="https://www.hybrid-analysis.com">Hybrid Analysis</a>, <a href="https://cuckoosandbox.org/index.html">Cuckoo Sandbox</a>, and a lot of other online malware analysis websites/applications).

* Basic detection for stealthy page guard hooking.

* Detecting CLR Functions Hooking (like harmony hooks).

# Notice
This Project are created for educational purposes only, also this project are licensed under MIT License.
This Project are created for educational purposes only, also this project are licensed under MIT License. you can use the code however you please, just please use it responsibly (NOT for malware) (e.g. you are developing an anti-cheat).

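Review bot: the rewritten Notice line carries over the grammar errors of the one it replaces (`This Project are created`, `this project are licensed`) and starts its new sentence with a lowercase `you`; suggest `This project is created for educational purposes only and is licensed under the MIT License. You may use the code however you please, but use it responsibly (for example, in an anti-cheat) and not for malware.` While you are in this hunk, the `## Hooks Detection` paragraph is one long run-on sentence; splitting it at "and it detects user-mode anti anti-debuggers" would make the list of sandboxes it names easier to read.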