Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
54 item(s) found so far for this keyword.
Subvert Trust Controls: Code Signing Policy Modification Defense Evasion [Mitre]
Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. Code signing provides a level of authenticity on a program from a developer and a guarantee that the program has not been tampered with. Security controls can include enforcement mechanisms to ensure that only valid, signed code can be run on an operating system.
Some …
Unloading Module with FreeLibrary Antivirus/EDR Evasion
Malware authors often use various techniques to evade detection by AV/EDR solutions. One such technique involves checking for the presence of AV/EDR DLLs that may be loaded in the malware's address space and attempting to unload them before executing their malicious code.
To do this, the malware first uses the GetModuleHandleA function to retrieve a handle to the DLL, …
Virtualization/Sandbox Evasion: System Checks Defense Evasion [Mitre]
Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions …
Shikata Ga Nai (SGN) Data Obfuscation
Shikata Ga Nai (SGN) is a data obfuscation technique that employs a polymorphic binary encoding scheme. It was initially developed by Ege Balci and gained popularity through its implementation in Metasploit Framework's msfvenom. SGN takes a binary input and generates a self-decoding obfuscated shellcode. The algorithm utilizes a XOR feedback loop for encoding and prefixes a decoding routine to the …