Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
164 item(s) found so far for this keyword.
CloudEye/DarkEye Packers
CloudEyE, an evolved version of DarkEyE, allows threat actors to use different types of malware of their choice and make it undetectable to anti-virus solutions. This program is being sold by legitimate Italian company which markets it as a tool for developers that want to protect their program from piracy and reverse engineering. The tutorials published and forum posts about …
C2 via FTP(S) Network Evasion
C2 via FTP is a technique that utilizes the File Transfer Protocol (FTP) to establish command and control communication between an attacker and victim systems. It involves sending commands and receiving responses within FTP sessions, effectively using FTP as a conduit for covert communication.
To implement C2 via FTP, an attacker needs control over an FTP server, and must …
SMB / Named Pipes Network Evasion
Named Pipes are a feature of the Windows operating system that allow for inter-process communication (IPC) using a pipe metaphor. These are particularly useful in networking scenarios as they can be made accessible over a network and facilitate a client-server model of communication. The SMB (Server Message Block) protocol is commonly used in Windows environments for shared access to files, …
XProtect Encryption Abuse Data Obfuscation
Malware can abuse Apple's macOS XProtect string encryption algorithm to hide critical strings, including commands, browser paths, extension IDs, cryptocurrency wallet locations, and command-and-control (C2) details.
This technique leverages the same XOR-based encryption logic implemented in macOS’s XProtect antivirus engine, this encryption is used for “encrypted YARA rules stored within the XProtect Remediator binaries”.
The encryption process involves …