Evasion

From wikieduonline
Jump to navigation Jump to search

Evasion is bypassing an information security device (e.g., firewall or intrusion detection/prevention systems) in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.

Evasion Techniques[edit]

Polymorphic Code – Code commonly used to bypass pattern and hash based detection, the malware modifies itself in delivery to other locations, thus effectively being really hard to track and detect. Polymorphic attacks don’t have a single detectable signature, Shikata ga nai meaning (“It cannot be helped”) is a popular polymorphic encoder inside metasploit’s framework making it relatively easy to turn malicious code into polymorphic code.

This technique specifically involves encoding the payload in some fashion, then placing a decoder to undo that mess in front of the payload before sending it. When the target executes the polymorphic code, the decoder is run first which rewrites the subsequent payload into its original, malicious and nasty form before executing.

Tools[edit]

  • Nmap - IP adress decoy


See also[edit]

Advertising: