• Home
  • Search
  • Map
  • Scan
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • API
    • Unprotect API
    • API Documentation
  • Avatar Login

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Clear

Search Result

182 item(s) found so far for this keyword.

NOP Sled Anti-Disassembly

In computer security, a NOP slide is a sequence of NOP (no-operation) instructions that is inserted at the beginning of a code section. When a program branches to the start of this code section, it will "slide" through the NOP instructions until it reaches the desired, final destination. This technique is commonly used in software exploits to direct program execution …

Call Trick Anti-Disassembly

The call trick is an anti-disassembling technique that involves modifying the default function's return address. This can be used in conjunction with other techniques, such as the insertion of garbage bytes, to break disassemblers. Disassemblers that use recursive traversal or linear sweep may be particularly vulnerable to this trick, as they may be unable to accurately interpret the next instruction …

Inserting Garbage Bytes Anti-Disassembly

Garbage bytes are random or meaningless data that is inserted into a program's code in order to make reverse engineering and analysis more difficult. This is an anti-disassembling technique, as the insertion of these random bytes can cause disassemblers to misinterpret the code and produce incorrect disassembly results.

The insertion of garbage bytes is usually used in conjunction with …

Register Reassignment Anti-Disassembly

Register reassignment is a technique used in code obfuscation and anti-disassembling to make reverse engineering and analysis more difficult. It involves modifying the instructions in a program to use different registers in different versions or instances of the program. This can make it more difficult for a reverse engineer or disassembler to understand the program's behavior, as the register assignments …

Opaque Predicate Anti-Disassembly

Opaque predicate is a term used in programming to refer to decision making where there is only one possible outcome. This can be achieved through the use of complex or hard-to-understand logic, such as calculating a value that will always return True.

Opaque predicates are often used as anti-disassembling techniques, as they can make it difficult for an analyst …

Kill Process Anti-Monitoring

Malware often employs techniques to evade detection and hinder the efforts of security experts in analyzing its behavior. One notable method involves terminating processes associated with anti-virus software or monitoring tools.

For example, malware may specifically target processes like wireshark.exe, ida.exe, or procmon.exe, which are frequently used by analysts to observe and scrutinize running processes on a system. By …

Wiping or Encrypting Anti-Forensic

Anti-forensic techniques are methods used by malware to prevent security professionals from detecting and analyzing it. One way that malware can accomplish this is by using wiping or encryption techniques to remove its own trace from the system.

In some cases, malware may use wiping or encryption as a decoy, in order to distract security professionals and hide its …

Hiding Mechanisms Others

Malware often uses various techniques to hide its presence on a system and avoid detection. One common method is to modify or create entries in the system registry, which is a database of configuration settings for the operating system and installed applications. By modifying these settings, malware can hide itself from security software or other programs that might detect its …

Fast Flux Network Evasion

Fast flux is a technique used by botnets to conceal the location of their phishing and malware delivery sites by using a constantly changing network of compromised hosts as proxies. This makes it difficult for law enforcement and other security actors to track down and shut down the sites, as the IP addresses of the sites are constantly changing.

…

Process Reimaging Process Manipulating

Process Reimaging is a technique used to evade detection by endpoint security solutions. It is a variation of the Process Hollowing or Process Doppelganging techniques, which are used to execute arbitrary code in the context of another process.

The Windows operating system has inconsistencies in how it determines the locations of process image FILE_OBJECTs, which can impact the ability …

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19

The #UnprotectProject is brought to you by 🇫🇷 fr0gger_ and 🇫🇷 DarkCoderSc

Terms And Conditions | Cookie Policy | Cookies preferences | GDPR

Contribute Now