Bypassing Static Heuristic

Created the Monday 18 March 2019. Updated 5 months, 3 weeks ago.

Dynamic heuristic engines are implemented in the form of hooks (in user-land or kernel-land) or based on emulation. User-land hooks (HIPS) can be easily bypass by malware by patching back the entry point of the hooked function. For kernel-land hook, malware has to run in kernel space by installing a driver or abusing a kernel-level vulnerability.


Technique Identifier

U0510



Subscribe to our Newsletter

Don't miss out on the latest and greatest updates from us! Subscribe to our newsletter and be the first to know about exciting content and future updates.