Search Evasion Techniques
Names, Techniques, Definitions, Keywords
3 item(s) found so far for this keyword.
Suspending threads is a technique used by malware to disable user-mode debuggers and make it more difficult for security analysts to reverse engineer and analyze the code. This can be achieved by using the
SuspendThread function from the kernel32.dll library or the
NtSuspendThread function from the NTDLL.DLL library.
The malware can enumerate the threads of a given process, or search …
Process Injection: Thread Execution Hijacking Defense Evasion [Mitre]
Adversaries may inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges. Thread Execution Hijacking is a method of executing arbitrary code in the address space of a separate live process.
Thread Execution Hijacking is commonly performed by suspending an existing process then unmapping/hollowing its memory, which can then be replaced with …
NtSetInformationThread can be used to hide threads from debuggers using the
17). This is intended to be used by an external process, but any thread can use it on itself.
After the thread is hidden from the debugger, it will continue running but the debugger won’t receive events related to this thread. This thread …