Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
9 item(s) found so far for this keyword.
Process Injection: ListPlanting Defense Evasion [Mitre]
Adversaries may abuse list-view controls to inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges. ListPlanting is a method of executing arbitrary code in the address space of a separate live process. Code executed via ListPlanting may also evade detection from security products since the execution is masked under a legitimate …
Listplanting Process Manipulating
Edit controls are a type of user interface element that allows a user to enter and edit text in a graphical user interface (GUI). They are commonly used in Windows applications and can be embedded directly into a GUI or subclassed as a separate window.
Edit controls can be set to display text in multiline mode, in which case they …
OLEUM Process Manipulating
Edit controls are a type of user interface element that allows a user to enter and edit text in a graphical user interface (GUI). They are commonly used in Windows applications and can be embedded directly into a GUI or subclassed as a separate window. Edit controls can be set to display text in multiline mode, in which case they …
Propagate Process Manipulating
This technique involves modifying the internal properties of a window in order to intercept and modify or monitor the behavior of the window when it receives messages. To do this, an application creates a buffer containing shellcode and injects it into the target process.
Then, it modifies the internal structure used by the specific properties, such as UxSubclassInfo and CC32SubclassInfo, …
Hijack Execution Flow: KernelCallbackTable Defense Evasion [Mitre]
Adversaries may abuse the KernelCallbackTable of a process to hijack its execution flow in order to run their own payloads. The KernelCallbackTable can be found in the Process Environment Block (PEB) and is initialized to an array of graphic functions available to a GUI process once user32.dll is loaded.
An adversary may hijack the execution flow of a process using …
Caesar Cipher Data Obfuscation
The Caesar Cipher is a simple encoding algorithm that was used during the Roman Empire to hide secret messages. In this algorithm, each letter of the plaintext is replaced with a letter that is a fixed number of positions down the alphabet. For example, if the shift value is 3, then the letter "A" would be replaced with "D", "B" …
WordWarping Process Manipulating
Edit controls are a type of user interface element that allows a user to enter and edit text in a graphical user interface (GUI). They are commonly used in Windows applications and can be embedded directly into a GUI or subclassed as a separate window. Edit controls can be set to display text in multiline mode, in which case they …
EditWordBreakProc Process Manipulating
Edit controls, including Rich Edit controls, are a common type of Windows control found in many applications. They can be embedded directly in the application or as subclassed windows.
When these controls display text in multiline mode, they use a callback function called EditWordBreakProc. This function is called every time the control needs to do something related to word …
MPRESS Packers
MPRESS is a free packer. It makes programs and libraries smaller, and decrease start time when the application loaded from a slow removable media or from the network.
It uses in-place decompression technique, which allows to decompress the executable without memory overhead or other drawbacks; it also protects programs against reverse engineering by non-professional hackers. Programs compressed with MPRESS run …