Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
10 item(s) found so far for this keyword.
Custom Encoding Data Obfuscation
Malware often uses custom encoding schemes to conceal their payloads and avoid detection. These custom schemes can be full custom layers, or they can be variations of known algorithms such as XOR or Base64. Using custom encoding schemes allows malware to encode their payloads in a unique way that can be difficult for security tools and forensic investigators to detect.
…Base64 Data Obfuscation
Base64 is a simple encoding scheme that is often used by malware to represent binary data in an ASCII string. This allows the malware to encode and transmit binary data, such as a payload or network traffic, in a way that is more compact and easier to transmit over text-based communication channels.
Base64 uses a 64-character alphabet to encode …
Caesar Cipher Data Obfuscation
The Caesar Cipher is a simple encoding algorithm that was used during the Roman Empire to hide secret messages. In this algorithm, each letter of the plaintext is replaced with a letter that is a fixed number of positions down the alphabet. For example, if the shift value is 3, then the letter "A" would be replaced with "D", "B" …
ROL Data Obfuscation
ROL, or Rotate Left, is a simple encoding algorithm similar to the Caesar Cipher. In the ROL algorithm, each letter of the plaintext is replaced with a letter that is a fixed number of positions down the alphabet. For example, if the rotation value is 3, then the letter "A" would be replaced with "D", "B" would be replaced with …
Ctrl+Inject Process Manipulating
The "Control Signal Handler Callback" technique involves injecting malicious code into a process by using a callback function for control signal handlers. When a control signal, such as Ctrl+C, is received by a process, the system creates a new thread to execute a function to handle the signal. This thread is typically created by the legitimate process "csrss.exe" in the …
Homograph Attack (Punycode) Network Evasion
A homograph attack is a type of phishing attack that uses homoglyphs (characters that look similar to other characters) to create domain names or URLs that appear to be legitimate, but are actually controlled by an attacker. Homograph attacks take advantage of the fact that many languages have characters that are visually similar to characters used in other languages.
…
Subvert Trust Controls: SIP and Trust Provider Hijacking Defense Evasion [Mitre]
Adversaries may tamper with SIP and trust provider components to mislead the operating system and application control tools when conducting signature validation checks. In user mode, Windows Authenticode digital signatures are used to verify a file's origin and integrity, variables that may be used to establish trust in signed code (ex: a driver with a valid Microsoft signature may be …
Shikata Ga Nai (SGN) Data Obfuscation
Shikata Ga Nai (SGN) is a data obfuscation technique that employs a polymorphic binary encoding scheme. It was initially developed by Ege Balci and gained popularity through its implementation in Metasploit Framework's msfvenom. SGN takes a binary input and generates a self-decoding obfuscated shellcode. The algorithm utilizes a XOR feedback loop for encoding and prefixes a decoding routine to the …
DNS Tunneling Network Evasion Defense Evasion [Mitre]
DNS tunneling is a technique that uses the Domain Name System (DNS) protocol to transfer data in an encrypted and covert manner. It involves encoding the data of other programs or protocols in DNS queries and responses, and using DNS servers as a means of communication.
To carry out DNS tunneling, the attacker typically needs access to a compromised …
Exfiltration via SMTP Network Evasion
Exfiltration via SMTP is a technique where attackers leverage the Simple Mail Transfer Protocol (SMTP) to exfiltrate data. This method involves sending stolen data, such as sensitive files or system information, via email to an attacker-controlled email account. By using email traffic, attackers can often bypass traditional network monitoring solutions since SMTP traffic is usually deemed legitimate.
To execute …