Approaches to Evasion

Obfuscation

  • Change or remove IoCs (strings, constants, names, known byte sequences) and add junk code so that existing signatures no longer match

  • Manual or automated (obfuscator tooling)

  • At source-code level or on compiled binaries
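A source-level illustration of the string/IoC point above, added here as an example and not taken from the original page: every string literal in a (constructed) sample program is replaced by a call to a small runtime decoder, and junk assignments are interleaved with the real statements, so a static scanner of the source or of the compiled constants no longer sees the C2 URL, while the program behaves identically. The decoder name `_d`, the single-byte XOR, the junk pattern and the sample program with its made-up `c2.example.invalid` host are all illustrative assumptions; a real obfuscator would use a stronger cipher and also rename identifiers.

```python
"""String-literal obfuscation at source level (added example, not from the page).

Every str constant becomes _d(b'<xored bytes>', key); junk statements are
interleaved. The cipher is a single-byte XOR purely for illustration.
Requires Python 3.9+ for ast.unparse.
"""
import ast

# Runtime decoder that gets prepended to the obfuscated program.
DECODER_SRC = "def _d(b, k):\n    return bytes(x ^ k for x in b).decode()\n"


class StringHider(ast.NodeTransformer):
    """Replace non-empty str constants with _d(bytes, key) calls."""

    def __init__(self):
        self.count = 0

    def visit_JoinedStr(self, node):
        # f-string pieces must stay Constant nodes, so f-strings are left alone.
        return node

    def visit_Constant(self, node):
        if not isinstance(node.value, str) or not node.value:
            return node
        key = (self.count * 37 + 11) % 255 + 1   # 1..255, never 0
        self.count += 1
        enc = bytes(x ^ key for x in node.value.encode())
        return ast.Call(
            func=ast.Name(id="_d", ctx=ast.Load()),
            args=[ast.Constant(value=enc, kind=None), ast.Constant(value=key, kind=None)],
            keywords=[],
        )


def junk(i: int) -> ast.stmt:
    """A dead computation inserted between real statements ("add trash")."""
    return ast.parse(f"_j{i} = ({i} * 7919 + 13) % 257").body[0]


def obfuscate(src: str) -> str:
    """Return obfuscated source. Assumes no `from __future__` imports,
    which would have to stay first in the module."""
    tree = StringHider().visit(ast.parse(src))
    body = ast.parse(DECODER_SRC).body
    for i, stmt in enumerate(tree.body):
        body.append(junk(i))
        body.append(stmt)
    tree.body = body
    ast.fix_missing_locations(tree)
    return ast.unparse(tree)


def static_strings(src: str) -> set:
    """String constants a static scanner sees after compiling the source."""
    found = set()

    def walk(code):
        for c in code.co_consts:
            if isinstance(c, str):
                found.add(c)
            elif hasattr(c, "co_consts"):
                walk(c)

    walk(compile(src, "<m>", "exec"))
    return found


# Constructed sample program carrying two string IoCs (URL and User-Agent).
SAMPLE = (
    "C2 = 'http://c2.example.invalid/gate.php'\n"
    "UA = 'Mozilla/4.0 (compatible; EvilBot 1.0)'\n"
    "def beacon(host):\n"
    "    return C2 + '?h=' + host\n"
)
IOC = "c2.example.invalid"


def demo() -> dict:
    obf = obfuscate(SAMPLE)
    ns_plain, ns_obf = {}, {}
    exec(SAMPLE, ns_plain)
    exec(obf, ns_obf)
    return {
        "ioc_in_plain_source": IOC in SAMPLE,
        "ioc_in_obf_source": IOC in obf,
        "ioc_in_plain_consts": any(IOC in s for s in static_strings(SAMPLE)),
        "ioc_in_obf_consts": any(IOC in s for s in static_strings(obf)),
        "same_behaviour": ns_plain["beacon"]("h1") == ns_obf["beacon"]("h1"),
        "result": ns_obf["beacon"]("h1"),
    }


if __name__ == "__main__":
    print(obfuscate(SAMPLE))
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Run it to see the rewritten source; the check functions are what matters: the IoC is present in the plain source and its compiled constants and absent from both after obfuscation, yet `beacon()` returns the same value. Note that the decoder function and the XOR pattern are themselves a signature, which is exactly why obfuscators rotate their encoding per build.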

Packing

  • Compress and/or encrypt the payload at build time

  • Decompress / decrypt at runtime, inside a small stub

  • Execute from memory; the plaintext payload is never written to disk

  • Caveat: the high-entropy blob and the unpacking stub are themselves detectable statically, and once unpacked the plaintext payload sits in memory where memory scanners can find it
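The three packing steps as one worked round trip, added here as an example and not taken from the original page: the packer compresses then encrypts a payload, and the stub reverses that in memory and runs the result without writing it out. Assumptions: the "payload" is a constructed Python code object serialised with `marshal` (a stand-in for a PE/ELF blob), the cipher is a SHA-256 counter-mode XOR keystream (a stand-in for the AES/RC4 a real packer would use), and the C2 URL inside the payload is made up. The example also measures byte entropy before and after packing, which is the caveat above: the IoC string disappears, but the blob now looks like random data.

```python
"""Minimal packer / stub pair (added example, not from the page).

Build time:  payload -> zlib -> XOR keystream  = blob
Run time:    blob -> XOR keystream -> zlib -> executed from memory
"""
import hashlib
import marshal
import math
import zlib
from collections import Counter


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256(key || counter). Toy cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(8, "little")).digest()
        ctr += 1
    return bytes(out[:length])


def xor(data: bytes, key: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8); packed blobs sit near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# --- build time: the packer ---------------------------------------------
def pack(payload: bytes, key: bytes) -> bytes:
    """Compress, then encrypt. Order matters: ciphertext does not compress."""
    return xor(zlib.compress(payload, 9), key)


# --- run time: the stub -------------------------------------------------
def unpack(blob: bytes, key: bytes) -> bytes:
    """Decrypt, then decompress, entirely in memory."""
    return zlib.decompress(xor(blob, key))


def run_from_memory(blob: bytes, key: bytes) -> dict:
    """Recover the payload and execute it without writing it to disk."""
    code = marshal.loads(unpack(blob, key))
    ns = {}
    exec(code, ns)
    return ns


# Constructed payload: a code object standing in for a real binary; its
# plaintext carries a string an AV signature could match on.
PAYLOAD_SRC = (
    "BEACON = 'http://c2.example.invalid/gate.php'\n"
    "def hello():\n"
    "    return 'payload ran from memory'\n"
)
PAYLOAD = marshal.dumps(compile(PAYLOAD_SRC, "<payload>", "exec"))
KEY = b"build-time-secret"   # embedded in the stub in real packers
IOC = b"c2.example.invalid"


def demo() -> dict:
    blob = pack(PAYLOAD, KEY)
    ns = run_from_memory(blob, KEY)
    return {
        "ioc_visible_in_payload": IOC in PAYLOAD,
        "ioc_visible_in_blob": IOC in blob,
        "entropy_payload": round(entropy(PAYLOAD), 2),
        "entropy_blob": round(entropy(blob), 2),
        "result": ns["hello"](),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The entropy figures are the detection-side takeaway: a section whose bytes measure close to 8 bits/byte next to a tiny stub is a classic packer heuristic, and after `unpack()` returns, the plaintext (IoC included) is back in the process memory for any memory scanner to read.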

C&C Execution

  • The payload is fetched from the C&C server and executed from memory, with the same decrypt-into-buffer-and-run techniques as a packer stub, so the payload itself never touches disk
