Search For Content
Search Result
106 item(s) found so far for this keyword.
Base64
Base64 is a simple encoding scheme that is often used by malware to represent binary data in an ASCII string. This allows the malware to encode and transmit binary data, such as a payload or network traffic, in a way that is more compact and easier to transmit over text-based communication channels.
Base64 uses a 64-character alphabet to encode …
Read moreCaesar Cipher
The Caesar Cipher is a simple encoding algorithm that was used during the Roman Empire to hide secret messages. In this algorithm, each letter of the plaintext is replaced with a letter that is a fixed number of positions down the alphabet. For example, if the shift value is 3, then the letter "A" would be replaced with "D", "B" …
Read moreCustom Encoding
Malware often uses custom encoding schemes to conceal their payloads and avoid detection. These custom schemes can be full custom layers, or they can be variations of known algorithms such as XOR or Base64. Using custom encoding schemes allows malware to encode their payloads in a unique way that can be difficult for security tools and forensic investigators to detect.
… Read moreLOLbins
A lolbin (short for "Living Off the Land Binaries") is a legitimate Windows utility that can be used by adversaries to execute arbitrary commands. Various Windows utilities may be used to execute commands, possibly without invoking cmd. For example, the Program Compatibility Assistant (pcalua.exe) and components of the Windows Subsystem for Linux (WSL) are examples of lolbins that can be …
Read moreInline Hooking
Inline hooking is a technique used to intercept calls to target functions. It is commonly used by antiviruses, sandboxes, and malware to perform a variety of tasks, such as checking parameters, shimming, logging, spoofing returned data, and filtering calls.
The process of inline hooking involves directly modifying the code within the target function, usually by overwriting the first few …
Read moreFast Flux
Fast flux is a technique used by botnets to conceal the location of their phishing and malware delivery sites by using a constantly changing network of compromised hosts as proxies. This makes it difficult for law enforcement and other security actors to track down and shut down the sites, as the IP addresses of the sites are constantly changing.
…
Read moreDNS Tunneling
![Defense Evasion [Mitre] icon](/media/2024/04/08/icons8-burglar.svg){kind=small}
DNS tunneling is a technique that uses the Domain Name System (DNS) protocol to transfer data in an encrypted and covert manner. It involves encoding the data of other programs or protocols in DNS queries and responses, and using DNS servers as a means of communication.
To carry out DNS tunneling, the attacker typically needs access to a compromised …
Read moreDNS Hijacking
DNS hijacking or DNS redirection is a technique used to subvert the normal domain name resolution process. It involves redirecting DNS queries to a rogue DNS server controlled by an attacker, or modifying the behavior of a trusted DNS server so that it does not comply with internet standards. This can be done for various purposes, such as phishing attacks, …
Read moreConsoleWindowClass
One method that has been used to achieve process injection is by manipulating the User Data of a window object.
The User Data of a window is a small amount of memory that is usually used to store a pointer to a class object. This memory can be set using the SetWindowLongPtr API and the GWLP_USERDATA parameter. In the …
User Interaction (Are you human?)
You can get an advantage against sandboxes by using user interaction techniques. For example, The average user has a username and password and as long as the user you are targeting does not enter their password correctly, you can prevent your malware execution and bypass the possible sandbox control.
Read more