Search Evasion Techniques
Names, Techniques, Definitions, Keywords
4 item(s) found so far for this keyword.
PowerShell scripts can be obfuscated using methods that encode commands exclusively with special characters. This technique aims to complicate analysis and potentially evade detection mechanisms.
Attackers frequently employ these tactics to hide the true functionalities of the script, making the analysis more challenging.
In addition to clearing system logs, an adversary may clear the command history of a compromised account to conceal the actions undertaken during an intrusion. Various command interpreters keep track of the commands users type in their terminal so that users can retrace what they've done.
On Windows hosts, PowerShell has two different command history providers: the built-in history and …
Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that would typically be displayed when an application carries out an operation can be hidden. This may be utilized by system administrators to avoid disrupting user work environments when carrying out administrative tasks.
On Windows, there are a variety of features …
Adversaries may spoof the parent process identifier (PPID) of a new process to evade process-monitoring defenses or to elevate privileges. New processes are typically spawned directly from their parent, or calling, process unless explicitly specified.
One way of explicitly assigning the PPID of a new process is via the
CreateProcess API call, which supports a parameter that defines the PPID …