Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
4 item(s) found so far for this keyword.
CPUID Sandbox Evasion
The CPUID instruction is a low-level command that allows you to retrieve information about the CPU that is currently running. This instruction, which is executed at the CPU level (using the bytecode 0FA2), is available on all processors that are based on the Pentium architecture or newer.
You can use the CPUID instruction to retrieve various pieces of information …
Hide Artifacts: Run Virtual Instance Defense Evasion [Mitre]
Adversaries may carry out malicious operations using a virtual instance to avoid detection. A wide variety of virtualization technologies exist that allow for the emulation of a computer or computing environment. By running malicious code inside of a virtual instance, adversaries can hide artifacts associated with their behavior from security tools that are unable to monitor activity inside the virtual …
Rootkit Defense Evasion [Mitre]
Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Rootkits or rootkit enabling functionality may reside at the user or kernel level in the operating system or lower, …
VboxEnumShares Sandbox Evasion
This method represents a variation of the WNetGetProviderName(WNNC_NET_RDR2SAMPLE, ...)
approach, which is typically employed to determine if the network share's provider name is specific, such as VirtualBox. Instead of relying on this well-established technique, we utilize WNetOpenEnum
and WNetEnumResource
functions to iterate through each network resource. The primary objective is to identify VirtualBox shared folders, which typically feature "VirtualBox" or …