• Home
  • Search
  • Map
  • Scan
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • API
    • Unprotect API
    • API Documentation
  • Avatar Login

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Clear

Search Result

3 item(s) found so far for this keyword.

Hijack Execution Flow: KernelCallbackTable Defense Evasion [Mitre]

Adversaries may abuse the KernelCallbackTable of a process to hijack its execution flow in order to run their own payloads. The KernelCallbackTable can be found in the Process Environment Block (PEB) and is initialized to an array of graphic functions available to a GUI process once user32.dll is loaded.

An adversary may hijack the execution flow of a process …

DLL Unhooking Antivirus/EDR Evasion

Endpoint Detection and Response (EDR) tools use a technique known as hooking to monitor sensitive system functions within the DLLs of loaded processes. Hooking is a method of live-patching system DLLs, enabling EDRs to intercept the flow of a program and evaluate its legitimacy.

Here's how it works: EDRs modify the first instructions of the functions within the DLLs. …

AppInit DLL Injection Process Manipulating Defense Evasion [Mitre]

Any Dynamic Link Libraries (DLL) that are specified within the AppInit_DLLs registry key values are loaded by user32.dll into any process that utilizes user32.dll. So by modifying the AppInit_DLLs registry key value and pointing it to a malicious DLL, an attacker can force the system to load their DLL into every process that utilizes user32.dll and force it to execute …

The #UnprotectProject is brought to you by 🇫🇷 fr0gger_ and 🇫🇷 DarkCoderSc

Terms And Conditions | Cookie Policy | Cookies preferences | GDPR

Contribute Now