• Home
  • Search
  • Map
  • Scan
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • API
    • Unprotect API
    • API Documentation
  • Avatar Login

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Clear

Search Result

32 item(s) found so far for this keyword.

Reflective DLL injection Process Manipulating

Reflective DLL loading refers to loading a DLL from memory rather than from disk. Windows doesn’t have a LoadLibrary function that supports this, so to get the functionality you have to write your own, omitting some of the things Windows normally does, such as registering the DLL as a loaded module in the process, potentially bypassing DLL load monitoring.

…

PE Injection Process Manipulating

Instead of passing the address of the LoadLibrary, malware can copy its malicious code into an existing open process and force it to execute (either via a small shellcode, or by calling CreateRemoteThread).

One advantage of PE injection over the LoadLibrary technique is that the malware does not have to drop a malicious DLL on the disk. The …

Indicator Removal: Clear Windows Event Logs Anti-Forensic Defense Evasion [Mitre]

Event logging is a process that records important software and hardware events from various sources and stores them in a centralized location called an event log. This service is commonly used by applications and operating systems to track and troubleshoot issues, and can be a valuable tool for forensic investigations.

Event logs can provide valuable information about the actions …

Hiding Mechanisms Others

Malware often uses various techniques to hide its presence on a system and avoid detection. One common method is to modify or create entries in the system registry, which is a database of configuration settings for the operating system and installed applications. By modifying these settings, malware can hide itself from security software or other programs that might detect its …

Fast Flux Network Evasion

Fast flux is a technique used by botnets to conceal the location of their phishing and malware delivery sites by using a constantly changing network of compromised hosts as proxies. This makes it difficult for law enforcement and other security actors to track down and shut down the sites, as the IP addresses of the sites are constantly changing.

…

Tor Network C2 Network Evasion

Tor is a free and open-source network that enables anonymous communication. It uses a network of volunteer-operated servers, known as "relays," to route internet traffic in a way that conceals the user's location and usage from surveillance and traffic analysis. By routing traffic through multiple relays, Tor makes it difficult to trace internet activity back to the user.

Malware …

Peer to peer C2 Network Evasion

Peer-to-peer (P2P) botnets are a type of botnet that uses a decentralized network structure, without a central command and control (C&C) server. Each infected machine in a P2P botnet maintains a list of other trusted computers (including other infected machines), as well as information drop locations and locations where the malware can be updated. Some P2P botnets also use encryption …

Process Reimaging Process Manipulating

Process Reimaging is a technique used to evade detection by endpoint security solutions. It is a variation of the Process Hollowing or Process Doppelganging techniques, which are used to execute arbitrary code in the context of another process.

The Windows operating system has inconsistencies in how it determines the locations of process image FILE_OBJECTs, which can impact the ability …

File Melt Others

File melting is a technique that malware uses to delete itself after it has been installed on a system. This is often done in order to avoid detection by antivirus programs or other security measures. The process of file melting involves overwriting the file with random data, making it impossible to recover the original file or to detect the presence …

Themida Packers

Themida is a commercial known packer that embeds several features including anti-debugging, virtual machine emulation, encryption...

  • Anti-debugger techniques that detect/fool any kind of debugger

  • Anti-memory dumpers techniques for any Ring3 and Ring0 dumpers

  • Different encryption algorithms and keys in each protected application

  • Anti-API scanners techniques that avoids reconstruction …

  • 1
  • 2
  • 3
  • 4

The #UnprotectProject is brought to you by 🇫🇷 fr0gger_ and 🇫🇷 DarkCoderSc

Terms And Conditions | Cookie Policy | Cookies preferences | GDPR

Contribute Now