Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
173 item(s) found so far for this keyword.
Disabling Event Tracing for Windows (ETW) Anti-Forensic
Many EDR solutions leverage Event Tracing for Windows (ETW) extensively. ETW allows for extensive instrumentation and tracing of a process functionality and WINAPI calls. It has components in the kernel, to register callbacks for system calls and other kernel operations, but also consists of a userland component that is part of ntdll.dll.
Since ntdll.dll is a DLL loaded into …
ProcEnvInjection - Remote code injection by abusing process environment strings Process Manipulating
This method allows to inject custom code into a remote process without using WriteProcessMemory - It will use the lpEnvironment parameter in CreateProcess to copy the code into the target process. This technique can be used to load a DLL into a remote process, or simply execute a block of code.
The lpEnvironment parameter in CreateProcess allows us to …
Alternate EXE Packer Packers
EXE Packer is able to compress executable files (type EXE) or DLL-files. Already compressed files may also be decompressed with this program. There exist 12 different levels for file-compression. This program is also able to create backups of the files that shall be compressed.
If a file is compressed the physical file-size is reduced on the respective device. A …
ExeStealth Packers
ExeStealth is a tool that encrypts files to avoid detection and hacking. Designed by WebToolMaster, this free software is simple to implement and one of the best anti-hacking tools on the market, which also makes it effective at hiding malware code in your system.
PECompact Packers
PECompact is a Windows executable compressor. It has a plugin system that offers virtually customization.
AsProtect Packers
ASProtect is a multifunctional EXE packing tool designed for software developers to protect 32-bit applications with in-built application copy protection system.
It includes software compression, provides protection methods and tools for software from unauthorized copying, analysis, disassemblers and debuggers.
ASProtect 32 also provides enhanced work with registration keys and the ability to create a single application that can …
Obsidium Packers
Obsidium is a software protection and licensing system that is designed to protect 32-bit and 64-bit Windows software applications and games from reverse engineering, unauthorized modifications ("cracking") and redistribution ("software piracy") while providing a licensing system.
DLL Proxying Process Manipulating
DLL proxying is a technique used by malware to evade detection and gain persistence on a system. It involves replacing a legitimate DLL with a malicious DLL that has the same exported functions and is named similarly to the legitimate DLL.
When a program attempts to load the legitimate DLL, it will instead load the malicious DLL, which acts …
Hijack Execution Flow: DLL Search Order Hijacking Defense Evasion [Mitre]
Adversaries may execute their own malicious payloads by hijacking the search order used to load DLLs. Windows systems use a common method to look for required DLLs to load into a program. Hijacking DLL loads may be for the purpose of establishing persistence as well as elevating privileges and/or evading restrictions on file execution.
There are many ways an …
Homograph Attack (Punycode) Network Evasion
A homograph attack is a type of phishing attack that uses homoglyphs (characters that look similar to other characters) to create domain names or URLs that appear to be legitimate, but are actually controlled by an attacker. Homograph attacks take advantage of the fact that many languages have characters that are visually similar to characters used in other languages.
…