Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Adversaries may inject malicious code into processes via the asynchronous procedure call (APC) queue in order to evade process-based defenses as well as possibly elevate privileges. APC injection is a method of executing arbitrary code in the address space of a separate live process.
APC injection is commonly performed by attaching malicious code to the APC Queue of a process's …
Malware can take advantage of Asynchronous Procedure Calls (APC) to force another thread to execute its custom code by attaching it to the APC queue of the target thread.
Each thread has a queue of APCs that are waiting for execution until the target thread enters an alertable state.
A thread enters an alertable state if it calls
This anti-debugging technique involves using the INT n instruction to generate a call to the interrupt or exception handler specified with the destination operand. To implement this technique, the int 0x03 instruction is executed, followed by a ret (0xCD03, 0xC3) nested in a __try, __except block. If a debugger is present, the except block will not be executed, and …