Unprotect Navbar Version Logo
  • Home
  • Techniques
  • Scan
  • Resources
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • Avatar Login

Search For Content

Clear

Search Result

119 item(s) found so far for this keyword.

Kill Process
Anti-Monitoring icon
Anti-Monitoring

Malware often employs techniques to evade detection and hinder the efforts of security experts in analyzing its behavior. One notable method involves terminating processes associated with anti-virus software or monitoring tools.

For example, malware may specifically target processes like wireshark.exe, ida.exe, or procmon.exe, which are frequently used by analysts to observe and scrutinize running processes on a system. By …

Read more

Indicator Removal: Clear Windows Event Logs
Anti-Forensic icon
Anti-Forensic
Defense Evasion [Mitre] icon
Defense Evasion [Mitre]

Event logging is a process that records important software and hardware events from various sources and stores them in a centralized location called an event log. This service is commonly used by applications and operating systems to track and troubleshoot issues, and can be a valuable tool for forensic investigations.

Event logs can provide valuable information about the actions …

Read more

Hiding Mechanisms
Others icon
Others

Malware often uses various techniques to hide its presence on a system and avoid detection. One common method is to modify or create entries in the system registry, which is a database of configuration settings for the operating system and installed applications. By modifying these settings, malware can hide itself from security software or other programs that might detect its …

Read more

Fast Flux
Network Evasion icon
Network Evasion

Fast flux is a technique used by botnets to conceal the location of their phishing and malware delivery sites by using a constantly changing network of compromised hosts as proxies. This makes it difficult for law enforcement and other security actors to track down and shut down the sites, as the IP addresses of the sites are constantly changing.

…

Read more

Checking Malware Name
Sandbox Evasion icon
Sandbox Evasion
Anti-Monitoring icon
Anti-Monitoring

Malware can use various techniques to evade detection by security analysts and researchers. One such technique is to check the name of the malware sample before fully executing on the infected machine. If the sample has been renamed to a blacklisted name, such as "malware.exe" or "sample.exe", or even with the file hash, the malware can detect this and change …

Read more

DNS API Injection
Process Manipulating icon
Process Manipulating

DNS API injection is a technique used by malware to evade detection by intercepting and modifying DNS (Domain Name System) requests made by a host system. The technique involves injecting code into the DNS API (Application Programming Interface) of the host system, which is a set of functions and protocols that allow communication with the DNS service. By injecting code …

Read more

Indicator Removal: Timestomp
Anti-Forensic icon
Anti-Forensic
Defense Evasion [Mitre] icon
Defense Evasion [Mitre]

Timestomping is a technique used by adversaries to modify the timestamps of a file, such as the modify, access, create, and change times. This technique is often used to hide the fact that a file has been modified or created by the adversary, making it more difficult for forensic investigators or file analysis tools to detect the changes.

By …

Read more

Execution Guardrails: Environmental Keying
Defense Evasion [Mitre] icon
Defense Evasion [Mitre]

Adversaries may environmentally key payloads or other features of malware to evade defenses and constraint execution to a specific target environment. Environmental keying uses cryptography to constrain execution or actions based on adversary supplied environment specific conditions that are expected to be present on the target. Environmental keying is an implementation of Execution Guardrails that utilizes cryptographic techniques for deriving …

Read more

File Melt
Others icon
Others

File melting is a technique that malware uses to delete itself after it has been installed on a system. This is often done in order to avoid detection by antivirus programs or other security measures. The process of file melting involves overwriting the file with random data, making it impossible to recover the original file or to detect the presence …

Read more

Detecting Online Sandbox
Sandbox Evasion icon
Sandbox Evasion

Online sandboxes are widely used for malware analysis. To evade detection, many malware families implement checks to identify if they are running in such environments. Below are examples of detection techniques for Any.Run and Tria.ge.

Detecting Any.Run

  • Any.Run uses a fake root certificate to spy on sandbox traffic. System information can be obtained by querying …

Read more
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12

The #UnprotectProject is brought to you by 🇫🇷 fr0gger_ and 🇫🇷 DarkCoderSc

Terms And Conditions | GDPR

Contribute Now