• Home
  • Search
  • Map
  • Scan
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • API
    • Unprotect API
    • API Documentation
  • Avatar Login

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Clear

Search Result

7 item(s) found so far for this keyword.

Checking Pipe Sandbox Evasion

Cuckoo is an open-source automated malware analysis system that performs dynamic analysis by running suspicious files in isolated virtual environments.

To facilitate communication between the host system (analysis environment) and the guest system (execution environment), Cuckoo uses a named pipe: \.\pipe\cuckoo

Detection Technique

Malware running inside the guest can check for the existence of this named pipe. …

FIleless Mechanisms Process Manipulating

Fileless malware is a type of malware that is designed to reside and execute entirely in the memory of a host system, without leaving any trace on the local disk. This can make it more difficult for security tools to detect and remove the malware, as it does not leave any files on the system that can be scanned or …

Treepoline Process Manipulating

Tree-view controls are a type of user interface element that is used to display hierarchical data in a graphical user interface (GUI). They are commonly used in Windows applications and allow users to navigate and explore complex data structures.

To display its content, a tree-view control must sort the items it shows. The sorting routine for a tree-view control …

OLEUM Process Manipulating

Edit controls are a type of user interface element that allows a user to enter and edit text in a graphical user interface (GUI). They are commonly used in Windows applications and can be embedded directly into a GUI or subclassed as a separate window. Edit controls can be set to display text in multiline mode, in which case they …

CLIPBRDWNDCLASS Process Manipulating

CLIPBRDWNDCLASS is a window class that is registered by the Object Linking & Embedding (OLE) library (ole32.dll) to handle clipboard data. When a window of this class is created, it is assigned a number of window properties that store the addresses of various interfaces that are used to process clipboard data. These interfaces include the ClipboardDataObjectInterface, ClipboardRootDataObjectInterface, and …

DNS API Injection Process Manipulating

DNS API injection is a technique used by malware to evade detection by intercepting and modifying DNS (Domain Name System) requests made by a host system. The technique involves injecting code into the DNS API (Application Programming Interface) of the host system, which is a set of functions and protocols that allow communication with the DNS service. By injecting code …

Indicator Removal: Clear Persistence Defense Evasion [Mitre]

Adversaries may clear artifacts associated with previously established persistence on a host system to remove evidence of their activity. This may involve various actions, such as removing services, deleting executables, Modify Registry, Plist File Modification, or other methods of cleanup to prevent defenders from collecting evidence of their persistent presence.

In some instances, artifacts of persistence may also be …

The #UnprotectProject is brought to you by 🇫🇷 DarkCoderSc and 🇫🇷 fr0gger_

Terms And Conditions | Cookie Policy | Cookies preferences | GDPR

Contribute Now