Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
172 item(s) found so far for this keyword.
Code Transposition Anti-Disassembly
Code transposition is a technique used by malware authors to evade detection and analysis by rearranging the instructions of a piece of code without changing its behavior. This technique is used to make the code more difficult to read and understand for disassemblers and reverse engineers, as well as to hide the true intent of the code.
There are …
Kill Process Anti-Monitoring
Malware often employs techniques to evade detection and hinder the efforts of security experts in analyzing its behavior. One notable method involves terminating processes associated with anti-virus software or monitoring tools.
For example, malware may specifically target processes like wireshark.exe, ida.exe, or procmon.exe, which are frequently used by analysts to observe and scrutinize running processes on a system. By …
Wiping or Encrypting Anti-Forensic
Anti-forensic techniques are methods used by malware to prevent security professionals from detecting and analyzing it. One way that malware can accomplish this is by using wiping or encryption techniques to remove its own trace from the system.
In some cases, malware may use wiping or encryption as a decoy, in order to distract security professionals and hide its …
Hiding Mechanisms Others
Malware often uses various techniques to hide its presence on a system and avoid detection. One common method is to modify or create entries in the system registry, which is a database of configuration settings for the operating system and installed applications. By modifying these settings, malware can hide itself from security software or other programs that might detect its …
Domain Generation Algorithm Network Evasion
Domain generation algorithms (DGAs) are algorithms used by malware to generate a large number of domain names that can be used as communication channels with their command and control servers. These domain names are generated periodically, typically using a pseudorandom number generator.
The use of DGAs makes it difficult for law enforcement and other security actors to shut down …
DNS Hijacking Network Evasion
DNS hijacking or DNS redirection is a technique used to subvert the normal domain name resolution process. It involves redirecting DNS queries to a rogue DNS server controlled by an attacker, or modifying the behavior of a trusted DNS server so that it does not comply with internet standards. This can be done for various purposes, such as phishing attacks, …
Tor Network C2 Network Evasion
Tor is a free and open-source network that enables anonymous communication. It uses a network of volunteer-operated servers, known as "relays," to route internet traffic in a way that conceals the user's location and usage from surveillance and traffic analysis. By routing traffic through multiple relays, Tor makes it difficult to trace internet activity back to the user.
Malware …
Peer to peer C2 Network Evasion
Peer-to-peer (P2P) botnets are a type of botnet that uses a decentralized network structure, without a central command and control (C&C) server. Each infected machine in a P2P botnet maintains a list of other trusted computers (including other infected machines), as well as information drop locations and locations where the malware can be updated. Some P2P botnets also use encryption …
C2 via Social Networks Network Evasion
Malware often relies on a communication channel with its operator in order to receive instructions and updates. This channel is known as a command and control (C&C or C2) channel. C&C channels can take various forms, such as internet relay chat (IRC), peer-to-peer protocols, and even social media. The use of C&C channels allows the operator to remotely control the …
Malvertising Others
Malvertising is a type of cyber attack that involves using online advertising as a means to spread malware. This is attractive to attackers because it allows them to easily reach a large number of users without having to directly compromise the websites hosting the ads. The ads themselves can be inserted into reputable and high-profile websites, which can help attackers …