Episode Details
Course 18 - Evading IDS Firewalls and Honeypots | Episode 6: Mastering Malware Evasion: Stealth, Obfuscation, and Anti-Analysis
Published 4 months, 1 week ago
Description
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
In this lesson, you'll learn about:
- Evading Initial Detection:
  - Payload Obfuscation: Encoding payloads multiple times to cloak them from IDS detection.
  - Benign Carrier Injection: Hiding malicious code inside legitimate scripts (e.g., Python Base64 payloads).
  - Custom Packaging: Using packers to compress or encrypt malware, creating unique fingerprints that bypass signature-based detection.
- Post-Penetration Stealth:
  - Fileless Attacks: Running scripts directly in memory via tools like PowerShell, avoiding disk storage.
  - Folder Cloaking: Hiding directories using CLSID entries and desktop.ini files.
  - Alternate Data Streams (ADS): Embedding executable code in hidden NTFS streams, keeping file sizes unchanged and avoiding standard file scans.
- Anti-Analysis and Oversight Detection:
  - Environmental Checks: Detecting virtual machines or sandbox environments via CPU, registry, and network adapter inspection.
  - Evasive Countermeasures: Terminating, altering behavior, or sleeping to avoid detection during analysis.
- Analogy for Understanding:
  - Think of a spy infiltrating a high-security facility:
    - Obfuscation: Wearing a disguise to bypass guards.
    - Fileless attacks: Building tools inside the facility without carrying weapons.
    - ADS and cloaking: Hiding secret documents in a hidden compartment of a normal briefcase.
    - Anti-analysis: Acting like a janitor when noticing surveillance to avoid suspicion.