Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
74 item(s) found so far for this keyword.
IPV4/IPV6 Obfuscation Data Obfuscation
The obfuscated payload masquerades itself as an array of ASCII IPv4 addresses. Each one of these IPs is passed to the RtlIpv4StringToAddressA function, which will translate the ASCII IP string to binary. The binary representation of all of these IPs is combined to form a blob of shellcode. Additionally, IPfuscation variants were spotted using IPv6 instead of IPv4 addresses, UUIDs, …
Deleting Troubleshoot Information and Core Dumps Anti-Forensic
Commands like rm -rf /data/var/statedumps/* and rm -rf /data/var/cores/* delete state dumps and core dumps, which are generated when processes crash. These files contain memory snapshots, stack traces, and runtime states of processes at the time of failure. They are often used to debug and understand the causes of crashes or application malfunctions.
Attackers use this technique to eliminate …
WMI Event Subscriptions Sandbox Evasion
Adversaries may leverage WMI event subscriptions to evade detection by triggering malicious actions only under specific conditions that are unlikely to occur in a sandboxed environment. For instance, a threat actor might configure an event subscription to monitor file system, network, or logon activity, ensuring that their second-stage payload is only downloaded and executed when a particular event suggests real …
Indirect Memory Writing Antivirus/EDR Evasion
In code-injection scenarios, for example, when a loader places a payload into memory for execution, many antimalware engines detect or block malicious activity at the moment the payload bytes are written into the newly allocated executable memory region. Attackers may try to evade such detection by avoiding direct writes to new memory region and instead relying on other, legitimate Windows …