Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
91 item(s) found so far for this keyword.
Guard Pages Anti-Debugging
Memory breakpoints are a technique used by malware to detect if a debugger is present. This technique involves setting up a "guard page" in memory, which is a page of memory that is protected by the operating system and cannot be accessed by normal code. If a debugger is present, the malware can use this guard page to detect its …
Thread Execution Hijacking Process Manipulating
Thread execution hijacking is a technique used by malware to evade detection by targeting an existing thread of a process and avoiding any noisy process or thread creation operations. This technique allows the malware to run its code within the context of the targeted thread, without creating new processes or threads, which can be easily detected by security software.
…
Image File Execution Options Injection Process Manipulating
Image File Execution Options Injection, also known as IFEO Injection, is a technique used by malware to evade detection and persist on a compromised system.
The technique involves modifying the Image File Execution Options (IFEO) registry key, which is used by the Windows operating system to set debugging options for executable files. When an executable file is launched, the …
Atom Bombing Process Manipulating
Atom Bombing is a technique that utilizes Windows Atom Tables, which provide a global storage mechanism for strings, to inject malicious code into a target process.
The technique involves storing a shellcode in an Atom Table, then using the NtQueueApcThread function to force the targeted process to access the specific Atom, causing the injection to occur. To bypass Data …
Extra Window Memory Injection Process Manipulating
Before creating a window, graphical Windows-based processes must prescribe to or register a windows class, which stipulate appearance and behavior (via windows procedures, which are functions that handle input/output of data).
Registration of new windows classes can include a request for up to 40 bytes of Extra Window Memory (EWM) to be appended to the allocated memory of each …
PE Injection Process Manipulating
Instead of passing the address of the LoadLibrary, malware can copy its malicious code into an existing open process and force it to execute (either via a small shellcode, or by calling CreateRemoteThread).
One advantage of PE injection over the LoadLibrary technique is that the malware does not have to drop a malicious DLL on the disk. The …
Propagate Process Manipulating
This technique involves modifying the internal properties of a window in order to intercept and modify or monitor the behavior of the window when it receives messages. To do this, an application creates a buffer containing shellcode and injects it into the target process.
Then, it modifies the internal structure used by the specific properties, such as UxSubclassInfo and …
Ctrl+Inject Process Manipulating
The "Control Signal Handler Callback" technique involves injecting malicious code into a process by using a callback function for control signal handlers. When a control signal, such as Ctrl+C, is received by a process, the system creates a new thread to execute a function to handle the signal. This thread is typically created by the legitimate process "csrss.exe" in the …
COM Hijacking Process Manipulating
COM hijacking is a technique used by adversaries to insert malicious code into the Windows operating system through the Microsoft Component Object Model (COM).
COM is a system that allows software components to interact with each other, and adversaries can abuse this system to execute their own code in place of legitimate software. To achieve this, they alter references …
Hiding Mechanisms Others
Malware often uses various techniques to hide its presence on a system and avoid detection. One common method is to modify or create entries in the system registry, which is a database of configuration settings for the operating system and installed applications. By modifying these settings, malware can hide itself from security software or other programs that might detect its …