• Home
  • Search
  • Map
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
  • Downloads
  • About
  • API

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

I'm Feeling Lucky

Search Result

6 item(s) found so far for this keyword.

Atom Bombing Process Manipulating

Atom Bombing is a technique that utilizes Windows Atom Tables, which provide a global storage mechanism for strings, to inject malicious code into a target process.

The technique involves storing a shellcode in an Atom Table, then using the NtQueueApcThread function to force the targeted process to access the specific Atom, causing the injection to occur. To bypass Data Execution …

TLS Callback Anti-Debugging

TLS (Thread Local Storage) callbacks are a mechanism in Windows that allows a program to define a function that will be called when a thread is created. These callbacks can be used to perform various tasks, such as initializing thread-specific data or modifying the behavior of the thread.

As an anti-debugging technique, a program can use a TLS callback to …

FIleless Mechanisms Process Manipulating

Fileless malware is a type of malware that is designed to reside and execute entirely in the memory of a host system, without leaving any trace on the local disk. This can make it more difficult for security tools to detect and remove the malware, as it does not leave any files on the system that can be scanned or …

Process Injection: Thread Local Storage Defense Evasion [Mitre]

Adversaries may inject malicious code into processes via thread local storage (TLS) callbacks in order to evade process-based defenses as well as possibly elevate privileges. TLS callback injection is a method of executing arbitrary code in the address space of a separate live process.

TLS callback injection involves manipulating pointers inside a portable executable (PE) to redirect a process to …

Hiding Mechanisms Others

Malware often uses various techniques to hide its presence on a system and avoid detection. One common method is to modify or create entries in the system registry, which is a database of configuration settings for the operating system and installed applications. By modifying these settings, malware can hide itself from security software or other programs that might detect its …

NtGlobalFlag Anti-Debugging

The information that the system uses to determine how to create heap structures is stored at an undocumented location in the PEB at offset 0x68. If the value at this location is 0x70, we know that we are running in a debugger.

The NtGlobalFlag field of the Process Environment Block (0x68 offset on 32-Bit and 0xBC on 64-bit …

Made with in 🇫🇷 © 2023. The #UnprotectProject

Terms And Conditions

Contribute