Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
171 item(s) found so far for this keyword.
DLL Injection via CreateRemoteThread and LoadLibrary Process Manipulating
DLL Injection Via CreateRemoteThread and LoadLibrary is a technique used by malware to inject its code into a legitimate process. This technique is similar to hook injection, where the malware inserts a malicious DLL to be used by the system. It is one of the most common techniques used to inject malware into another process.
The malware writes the …
FIleless Mechanisms Process Manipulating
Fileless malware is a type of malware that is designed to reside and execute entirely in the memory of a host system, without leaving any trace on the local disk. This can make it more difficult for security tools to detect and remove the malware, as it does not leave any files on the system that can be scanned or …
Geofencing Others
Geofencing in malware refers to a technique used by cybercriminals to restrict the distribution or activation of malicious software based on geographical location. Malware authors use geofencing to target specific regions or avoid certain areas, such as their home country, in order to evade detection, minimize the chances of being investigated, or maximize the effectiveness of their attacks.
Geofencing …
Time Bomb Sandbox Evasion Others
Some malware contains a built-in expiration date, after which the malware will no longer run or function. This can be used by attackers to limit the time during which the malware can be detected and analyzed by security researchers. In order to run and analyze the malware after its expiration date, security researchers must manually change the date on the …
Thread Execution Hijacking Process Manipulating
Thread execution hijacking is a technique used by malware to evade detection by targeting an existing thread of a process and avoiding any noisy process or thread creation operations. This technique allows the malware to run its code within the context of the targeted thread, without creating new processes or threads, which can be easily detected by security software.
…
Image File Execution Options Injection Process Manipulating
Image File Execution Options Injection, also known as IFEO Injection, is a technique used by malware to evade detection and persist on a compromised system.
The technique involves modifying the Image File Execution Options (IFEO) registry key, which is used by the Windows operating system to set debugging options for executable files. When an executable file is launched, the …
APC injection Process Manipulating
Malware can take advantage of Asynchronous Procedure Calls (APC) to force another thread to execute their custom code by attaching it to the APC Queue of the target thread.
Each thread has a queue of APCs which are waiting for execution upon the target thread entering alterable state.
A thread enters an alert table state if it calls …
Opaque Predicate Anti-Disassembly
Opaque predicate is a term used in programming to refer to decision making where there is only one possible outcome. This can be achieved through the use of complex or hard-to-understand logic, such as calculating a value that will always return True.
Opaque predicates are often used as anti-disassembling techniques, as they can make it difficult for an analyst …
Fast Flux Network Evasion
Fast flux is a technique used by botnets to conceal the location of their phishing and malware delivery sites by using a constantly changing network of compromised hosts as proxies. This makes it difficult for law enforcement and other security actors to track down and shut down the sites, as the IP addresses of the sites are constantly changing.
…
Anti Yara Rules Others
Yara rules are used by malware researchers to identify and classify malware based on specific characteristics and behaviors. These rules are powerful because they allow researchers to quickly and accurately detect malware, even if it has been modified to avoid detection. However, attackers can also modify their malware to avoid detection by Yara rules.
This is often seen with …