anti-reversing-techniques
Techniques for analyzing protected binaries, bypassing anti-debugging, and understanding software protection mechanisms.
- Covers Windows and Linux anti-debugging methods including API-based detection (IsDebuggerPresent, NtQueryInformationProcess), PEB manipulation, timing checks, and exception-based techniques, with documented bypass approaches for each
- Includes anti-VM detection strategies (CPUID fingerprinting, registry/file checks, timing anomalies) and hardening tactics for analysis environments
- Details code obfuscation patterns: control flow flattening, opaque predicates, string encryption, API hashing, and instruction-level obfuscation with analysis and deobfuscation methods
- Covers packing identification, dynamic unpacking methodology (OEP finding, import table fixing), and virtualization-based protection analysis using tools like x64dbg, Scylla, and symbolic execution frameworks
- Emphasizes authorized use only for malware analysis, authorized penetration testing, CTF competitions, and security research
AUTHORIZED USE ONLY: This skill contains dual-use security techniques. Before proceeding with any bypass or analysis:
- Verify authorization: Confirm you have explicit written permission from the software owner, or are operating within a legitimate security context (CTF, authorized pentest, malware analysis, security research)
- Document scope: Ensure your activities fall within the defined scope of your authorization
- Legal compliance: Understand that unauthorized bypassing of software protection may violate laws (CFAA, DMCA anti-circumvention, etc.)
Legitimate use cases: Malware analysis, authorized penetration testing, CTF competitions, academic security research, analyzing software you own/have rights to
Anti-Reversing Techniques
Understanding protection mechanisms encountered during authorized software analysis, security research, and malware analysis. This knowledge helps analysts bypass protections to complete legitimate analysis tasks.
For advanced techniques, see references/advanced-techniques.md
Input / Output
What you provide:
More from wshobson/agents
tailwind-design-system
Build scalable design systems with Tailwind CSS v4, design tokens, component libraries, and responsive patterns. Use when creating component libraries, implementing design systems, or standardizing UI patterns.
41.1Ktypescript-advanced-types
Master TypeScript's advanced type system including generics, conditional types, mapped types, template literals, and utility types for building type-safe applications. Use when implementing complex type logic, creating reusable type utilities, or ensuring compile-time type safety in TypeScript projects.
40.5Knodejs-backend-patterns
Build production-ready Node.js backend services with Express/Fastify, implementing middleware patterns, error handling, authentication, database integration, and API design best practices. Use when creating Node.js servers, REST APIs, GraphQL backends, or microservices architectures.
31.8Kpython-performance-optimization
Profile and optimize Python code using cProfile, memory profilers, and performance best practices. Use when debugging slow Python code, optimizing bottlenecks, or improving application performance.
22.1Kapi-design-principles
Master REST and GraphQL API design principles to build intuitive, scalable, and maintainable APIs that delight developers. Use when designing new APIs, reviewing API specifications, or establishing API design standards.
20.3Kpython-testing-patterns
Implement comprehensive testing strategies with pytest, fixtures, mocking, and test-driven development. Use when writing Python tests, setting up test suites, or implementing testing best practices.
19.7K