Search For Content
Search Result
186 item(s) found so far for this keyword.
NOP Sled
In computer security, a NOP slide is a sequence of NOP (no-operation) instructions that is inserted at the beginning of a code section. When a program branches to the start of this code section, it will "slide" through the NOP instructions until it reaches the desired, final destination. This technique is commonly used in software exploits to direct program execution …
Read moreCall Trick
The call trick is an anti-disassembling technique that involves modifying the default function's return address. This can be used in conjunction with other techniques, such as the insertion of garbage bytes, to break disassemblers. Disassemblers that use recursive traversal or linear sweep may be particularly vulnerable to this trick, as they may be unable to accurately interpret the next instruction …
Read moreInserting Garbage Bytes
Garbage bytes are random or meaningless data that is inserted into a program's code in order to make reverse engineering and analysis more difficult. This is an anti-disassembling technique, as the insertion of these random bytes can cause disassemblers to misinterpret the code and produce incorrect disassembly results.
The insertion of garbage bytes is usually used in conjunction with …
Read moreRegister Reassignment
Register reassignment is a technique used in code obfuscation and anti-disassembling to make reverse engineering and analysis more difficult. It involves modifying the instructions in a program to use different registers in different versions or instances of the program. This can make it more difficult for a reverse engineer or disassembler to understand the program's behavior, as the register assignments …
Read moreOpaque Predicate
Opaque predicate is a term used in programming to refer to decision making where there is only one possible outcome. This can be achieved through the use of complex or hard-to-understand logic, such as calculating a value that will always return True.
Opaque predicates are often used as anti-disassembling techniques, as they can make it difficult for an analyst …
Read moreKill Process
Malware often employs techniques to evade detection and hinder the efforts of security experts in analyzing its behavior. One notable method involves terminating processes associated with anti-virus software or monitoring tools.
For example, malware may specifically target processes like wireshark.exe, ida.exe, or procmon.exe, which are frequently used by analysts to observe and scrutinize running processes on a system. By …
Read moreWiping or Encrypting
Anti-forensic techniques are methods used by malware to prevent security professionals from detecting and analyzing it. One way that malware can accomplish this is by using wiping or encryption techniques to remove its own trace from the system.
In some cases, malware may use wiping or encryption as a decoy, in order to distract security professionals and hide its …
Read moreHiding Mechanisms
Malware often uses various techniques to hide its presence on a system and avoid detection. One common method is to modify or create entries in the system registry, which is a database of configuration settings for the operating system and installed applications. By modifying these settings, malware can hide itself from security software or other programs that might detect its …
Read moreFast Flux
Fast flux is a technique used by botnets to conceal the location of their phishing and malware delivery sites by using a constantly changing network of compromised hosts as proxies. This makes it difficult for law enforcement and other security actors to track down and shut down the sites, as the IP addresses of the sites are constantly changing.
…
Read moreProcess Reimaging
Process Reimaging is a technique used to evade detection by endpoint security solutions. It is a variation of the Process Hollowing or Process Doppelganging techniques, which are used to execute arbitrary code in the context of another process.
The Windows operating system has inconsistencies in how it determines the locations of process image FILE_OBJECTs, which can impact the ability …
Read more