• Home
  • Search
  • Map
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
  • About
  • API

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

I'm Feeling Lucky

Search Result

4 item(s) found so far for this keyword.

Dirty Vanity Process Manipulating

Dirty Vanity is a process injection technique that exploits the Windows forking (process reflection and snapshotting) feature to inject code into a new process.

It uses the RtlCreateProcessReflection or NtCreateProcess[Ex] primitives, along with the PROCESS_VM_OPERATION, PROCESS_CREATE_THREAD, and PROCESS_DUP_HANDLE flags to reflect and execute code in a new process.

The technique also makes use of various methods, such as …

Process Hollowing, RunPE Process Manipulating

Process hollowing is a technique used by malware to evade detection by injecting malicious code into a legitimate process. This technique involves creating a new instance of a legitimate process and replacing its original code with the malicious payload.

The process is the following:

  • CreateProcess: in a suspended mode with the CreationFlag at 0x0000 0004.
  • GetThreadContext: retrieves the …

PE Injection Process Manipulating

Instead of passing the address of the LoadLibrary, malware can copy its malicious code into an existing open process and force it to execute (either via a small shellcode, or by calling CreateRemoteThread).

One advantage of PE injection over the LoadLibrary technique is that the malware does not have to drop a malicious DLL on the disk. The malware …

Hide Artifacts: Run Virtual Instance Defense Evasion [Mitre]

Adversaries may carry out malicious operations using a virtual instance to avoid detection. A wide variety of virtualization technologies exist that allow for the emulation of a computer or computing environment. By running malicious code inside of a virtual instance, adversaries can hide artifacts associated with their behavior from security tools that are unable to monitor activity inside the virtual …

Made with in 🇫🇷 © 2023. The #UnprotectProject

Terms And Conditions

Contribute