In order to detect system behavior, we have 3 factors for this example. The first factor is intercepting the first 32 entries of IDT (Interrupt Descriptor Table). We use the !exception command for this purpose.
For instance, if we want to break on division-by-zero on process id 0x490.
HyperDbg>!exception 0x0 pid 490
If we want to monitor external-interrupts (IDT index from 0x21 to 0xff), we use the !interrupt command.
Imagine we want to break on entry 0x25 of IDT.
The last factor is the system-wide monitoring of the execution of RDMSR and WRMSR. We use the !msrread and the !msrwrite commands.
For example, MSR 0xc0000082 (LSTAR) is one of the MSRs used by malware and rootkits.