killchain-compendium/antivirus_evasion.md

Antivirus Evasion

  • Evasion types
    • On-Disk evasion (the payload as it sits in the file system)
    • In-Memory evasion (the payload as it executes in process memory)
  • Detection Methods
    • Static Detection -- hash or string/byte matching against the file's contents, without executing it
    • Dynamic / Heuristic / Behavioural Detection -- the sample is run inside a sandbox and its observed behaviour is matched against predefined rules
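Both detection methods above reduce to a small amount of logic once you see them side by side. The following is an added example, not code from the compendium: a toy static engine (exact SHA-256 lookup plus byte-signature search) and a toy behavioural engine (predicate rules over a recorded sandbox trace). The sample file bytes, the signature database, the rule set and the trace are all constructed for this example; the rule names and event shape are assumptions, not any real product's format.

```python
import hashlib
from typing import Callable, Dict, List, Optional

# ---- Static detection: hash and byte-signature matching ----------------------
# Constructed stand-in for a malicious file (not a real sample): a PE-like
# header, zero padding, and a marker string a signature writer would extract.
SAMPLE_A = b"MZ\x90\x00" + b"\x00" * 16 + b"CONSTRUCTED_MARKER_v1" + b"\x00" * 8

# Constructed signature database (assumption about what a simple engine stores).
KNOWN_BAD_SHA256: Dict[str, str] = {hashlib.sha256(SAMPLE_A).hexdigest(): "Sample.A"}
BYTE_SIGNATURES: Dict[str, bytes] = {"Sample.A.marker": b"CONSTRUCTED_MARKER_v1"}


def match_hash(data: bytes) -> Optional[str]:
    """Exact-hash lookup: hits only if every byte of the file is unchanged."""
    return KNOWN_BAD_SHA256.get(hashlib.sha256(data).hexdigest())


def match_bytes(data: bytes) -> List[str]:
    """Substring search: hits as long as the signature bytes survive anywhere in the file."""
    return [name for name, sig in BYTE_SIGNATURES.items() if sig in data]


def static_scan(data: bytes) -> Dict[str, object]:
    """Run both static checks and report what each one found."""
    return {"hash": match_hash(data), "signatures": match_bytes(data)}


# ---- Dynamic detection: predefined rules over a sandbox behaviour trace --------
Event = Dict[str, str]
Rule = Callable[[Event], bool]

# Constructed rule set; each rule is a predicate over one recorded event.
BEHAVIOUR_RULES: Dict[str, Rule] = {
    "persistence.run_key": lambda e: e["op"] == "reg_set"
    and e["target"].lower().endswith("\\currentversion\\run"),
    "dropper.exe_in_temp": lambda e: e["op"] == "file_write"
    and "\\temp\\" in e["target"].lower()
    and e["target"].lower().endswith(".exe"),
    "injection.remote_thread": lambda e: e["op"] == "api_call"
    and e["target"] == "CreateRemoteThread",
}


def behaviour_scan(events: List[Event]) -> List[str]:
    """Return the sorted names of every rule that fired on at least one event."""
    return sorted(
        {name for ev in events for name, rule in BEHAVIOUR_RULES.items() if rule(ev)}
    )


# Constructed sandbox trace as (op, target) records; not real sandbox output.
SAMPLE_TRACE: List[Event] = [
    {"op": "file_write", "target": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"op": "reg_set", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"},
    {"op": "api_call", "target": "CreateRemoteThread"},
    {"op": "file_read", "target": "C:\\Windows\\System32\\kernel32.dll"},
]

if __name__ == "__main__":
    print("static  :", static_scan(SAMPLE_A))
    altered = bytearray(SAMPLE_A)
    altered[5] = 0x01  # one padding byte changed; marker string untouched
    print("altered :", static_scan(bytes(altered)))
    print("dynamic :", behaviour_scan(SAMPLE_TRACE))
```

The altered copy shows the difference in robustness between the two static techniques: the hash entry no longer matches while the byte signature still does, which is why a detection engineer prefers signatures on stable content over exact-hash entries. The behavioural engine is independent of file bytes altogether; it only sees what the sample did in the sandbox, so it is the layer that remains when both static checks miss.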