Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
3 item(s) found so far for this keyword.
Unloading Sysmon Driver Anti-Monitoring
Sysmon is a tool that can be used to monitor system activity on Windows systems. It records various types of events, such as process creation, network connections, and registry changes, and stores them in the Windows Event Log. Security analysts can use this information to detect and investigate malicious activity on a system.
One way that malware can evade …
Indicator Removal: Clear Network Connection History and Configurations Defense Evasion [Mitre]
Adversaries may clear or remove evidence of malicious network connections in order to clean up traces of their operations. Configuration settings as well as various artifacts that highlight connection history may be created on a system from behaviors that require network connections, such as Remote Services or External Remote Services. Defenders may use these artifacts to monitor or otherwise analyze …
Rootkit Defense Evasion [Mitre]
Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Rootkits or rootkit enabling functionality may reside at the user or kernel level in the operating system or lower, …