Search For Content
Search Result
8 item(s) found so far for this keyword.
Base64
Base64 is a simple encoding scheme that is often used by malware to represent binary data in an ASCII string. This allows the malware to encode and transmit binary data, such as a payload or network traffic, in a way that is more compact and easier to transmit over text-based communication channels.
Base64 uses a 64-character alphabet to encode …
Read moreCryptography
Cryptography is a technique often used by malware to protect against analysis or to perform malicious actions such as in ransomware attacks. In these cases, malware will use cryptography to encrypt their payloads or communication channels in order to make it difficult for security tools and forensic investigators to detect and analyze their activities.
Additionally, cryptography can be used …
Read moreDomain Generation Algorithm
Domain generation algorithms (DGAs) are algorithms used by malware to generate a large number of domain names that can be used as communication channels with their command and control servers. These domain names are generated periodically, typically using a pseudorandom number generator.
The use of DGAs makes it difficult for law enforcement and other security actors to shut down …
Read moreC2 via Social Networks
Malware often relies on a communication channel with its operator in order to receive instructions and updates. This channel is known as a command and control (C&C or C2) channel. C&C channels can take various forms, such as internet relay chat (IRC), peer-to-peer protocols, and even social media. The use of C&C channels allows the operator to remotely control the …
Read moreOutputDebugString
This Windows API is often used by developers for debugging purpose. It will display a text to the attached debugger. This API is also used by Malware to open a communication channel between one or multiple processes.
It is possible to use OutputDebugString in addition of GetLastError / SetLastError to detect debugger presence.
Read moreROL
ROL, or Rotate Left, is a simple encoding algorithm similar to the Caesar Cipher. In the ROL algorithm, each letter of the plaintext is replaced with a letter that is a fixed number of positions down the alphabet. For example, if the rotation value is 3, then the letter "A" would be replaced with "D", "B" would be replaced with …
Read moreCustom Encoding
Malware often uses custom encoding schemes to conceal their payloads and avoid detection. These custom schemes can be full custom layers, or they can be variations of known algorithms such as XOR or Base64. Using custom encoding schemes allows malware to encode their payloads in a unique way that can be difficult for security tools and forensic investigators to detect.
… Read moreExfiltration via SMTP
Exfiltration via SMTP is a technique where attackers leverage the Simple Mail Transfer Protocol (SMTP) to exfiltrate data. This method involves sending stolen data, such as sensitive files or system information, via email to an attacker-controlled email account. By using email traffic, attackers can often bypass traditional network monitoring solutions since SMTP traffic is usually deemed legitimate.
To execute …
Read more