hyperion
In the first installment of the Everyone's Detected series, we begin our deep dive into Roblox's layered anti-cheat system. This post focuses on their top-level detection method: a memory scanning routine that uses VirusTotal's YARA engine. We examine how Roblox relies on custom YARA
hyperion
In this blog post, we take a deep dive into Hyperion's thread filtering mechanism. We explore how it selectively allows certain threads to spawn, how it identifies and blocks unauthorized ones, and walk through the key checks involved in the process—from instrumentation callbacks to memory validation and
hyperion
In this post, we will analyze how Hyperion modifies Windows' Control Flow Guard (CFG) to enforce its own validation checks. Instead of relying on the default CFG implementation, Hyperion overwrites it with a custom function that validates indirect call targets before execution. This implementation prevents unauthorized hooks from being
hyperion
This blog post explores the inner workings of Roblox's Hyperion anti-tamper mechanism, specifically its Deleter2 routines designed to detect and prevent out-of-sync memory access in critical game structures. By leveraging forced exceptions, pointer encryption, and a dedicated memory pool, Deleter2 primarily targets external cheats while leaving internal operations
hyperion
External cheat providers often rely on continuous data manipulation within Roblox, from reading and writing to memory, to enable their functionality. Hyperion counters these cheats by exploiting the process's working set, allowing it to detect external processes that access or modify a designated memory pool containing player data.
