Search Evasion Techniques
4 item(s) found so far for this keyword.
Atom Bombing is a technique that utilizes Windows Atom Tables, which provide a global storage mechanism for strings, to inject malicious code into a target process.
The technique involves storing shellcode in an Atom Table, then using the NtQueueApcThread function to force the targeted process to access the specific Atom, causing the injection to occur. To bypass Data Execution …
Suspending threads is a technique used by malware to disable user-mode debuggers and make it more difficult for security analysts to reverse engineer and analyze the code. This can be achieved by using the SuspendThread function from the kernel32.dll library or the NtSuspendThread function from the NTDLL.DLL library.
The malware can enumerate the threads of a given process, or search …
NtSetInformationThread can be used to hide threads from debuggers using the
17). This is intended to be used by an external process, but any thread can use it on itself.
After the thread is hidden from the debugger, it will continue running but the debugger won’t receive events related to this thread. This thread …