Antivirus Evasion Flashcards

1
Q

Heuristic-Based Detection

A
  • relies on rules and algorithms to determine whether an action is considered malicious
  • this is often achieved by stepping through the instruction set of a binary file or by attempting to decompile and then analyze the source code.
  • the idea is to look for various patterns and program calls that are considered malicious
2
Q

Behavior-Based Detection

A
  • dynamically analyzes the behavior of a binary file
  • this is often achieved by executing the file in an emulated environment, such as a small virtual machine, and looking for behaviors or actions that are considered malicious
3
Q

Crypters

A
  • On-Disk Evasion technique
  • cryptographically alters executable code, adding a decrypting stub that restores the original code upon execution.
  • this decryption happens in-memory, leaving only the encrypted code on-disk.
  • Encryption has become foundational in modern malware as one of the most effective AV evasion techniques
4
Q

In-Memory AV Evasion

A
  • aka PE Injection
  • focuses on the manipulation of volatile memory
  • one of the main benefits of this technique is that it does not write any files to disk
5
Q

What is PowerShell In-Memory Injection?

A
  • a powerful feature of PowerShell is that it can interact with the Windows API
  • this allows us to implement the in-memory injection process in a PowerShell script
  • executing a PowerShell script for in-memory injection makes it difficult for AV to determine if the script is malicious or not since it is run inside an interpreter and the script itself isn’t executable code
6
Q

What is Shellter?

A
  • a dynamic shellcode injection tool
  • it uses a number of novel and advanced techniques to essentially backdoor a valid and non-malicious executable file with a malicious shellcode payload
  • it performs an analysis of the target PE file and the execution paths
  • it then determines where it can inject the shellcode, without relying on traditional injection techniques that are easily caught by AV engines
  • Shellter attempts to use the existing PE Import Address Table (IAT) entries to locate functions that will be used for the memory allocation, transfer, and execution of our payload
7
Q

How do you run Shellter?

A
  • sudo apt install shellter
  • apt install wine