Search Evasion Techniques
Names, Techniques, Definitions, Keywords
4 item(s) found so far for this keyword.
Dirty Vanity is a process injection technique that exploits the Windows forking (process reflection and snapshotting) feature to inject code into a new process.
It uses the
NtCreateProcess[Ex] primitives, along with the
PROCESS_DUP_HANDLE flags to reflect and execute code in a new process.
The technique also makes use of various methods, such as …
Process hollowing is a technique used by malware to evade detection by injecting malicious code into a legitimate process. This technique involves creating a new instance of a legitimate process and replacing its original code with the malicious payload.
The process is the following:
CreateProcess: in a suspended mode with the CreationFlag at 0x0000 0004.
GetThreadContext: retrieves the …
Instead of passing the address of the LoadLibrary, malware can copy its malicious code into an existing open process and force it to execute (either via a small shellcode, or by calling
One advantage of PE injection over the
LoadLibrary technique is that the malware does not have to drop a malicious DLL on the disk. The malware …
Adversaries may carry out malicious operations using a virtual instance to avoid detection. A wide variety of virtualization technologies exist that allow for the emulation of a computer or computing environment. By running malicious code inside of a virtual instance, adversaries can hide artifacts associated with their behavior from security tools that are unable to monitor activity inside the virtual …