# Antivirus Evasion

* Existing types
  * On-Disk evasion
  * In-Memory evasion
* Detection Methods
  * Static Detection -- Hash or String/Byte Matching
  * Dynamic / Heuristic / Behavioural Detection -- predefined rules, run inside a sandbox

## Links
* [cmnatic](https://cmnatic.co.uk/)
* [cmnatic's diss](https://resources.cmnatic.co.uk/Presentations/Dissertation/)