
Hiding Processes

Created: 26.05.2023

Malware is not going to just sit there and sing 🎶; it hides. Below are the common hiding techniques. A more detailed explanation is in the anti-forensics section.

  • Service Hijacking and Replacement.
  • Process Injection. Stealthy on disk, but trivially identified with RAM analysis tools.
  • Filename/Service Hijacking.
  • ADS.
  • WebShells and Beacons.
  • Firmware.
  • DLL Injection.
  • A/V Bypass.
  • Defense Manipulation.
  • Frequent Compilation.
  • Binary Padding.
  • Armoring. Useful for avoiding A/V, but very suspicious and easy to spot. Examples: packed malware, polymorphic code.
  • Dormant Malware 💤. “I’ll think about that tomorrow. Tomorrow is another day.” (Gone With The Wind).
  • Signing Code with a Valid Cert. Certificates issued by Thawte and Verisign have been used to sign malware.
  • Anti-Forensics/Timestomping. Timestomping modifies the timestamps of a file so it blends in with its surroundings.
  • Rootkits.
  • “Fileless” Malware.
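As an added example (not part of the original note), here is a small Python check for the timestomping item above: it flags Linux/POSIX files whose timestamps show the two classic side effects of a rewritten mtime. The `FileTimes` class, function names and sample paths/values are my own constructed assumptions.

```python
import os
from dataclasses import dataclass

@dataclass
class FileTimes:
    """Minimal stand-in for the os.stat_result fields this check needs."""
    path: str
    mtime_ns: int  # last content modification; settable from user space
    ctime_ns: int  # last inode/metadata change; kernel-maintained on Linux

def from_stat(path: str) -> FileTimes:
    """Build FileTimes from a real file when running on a live system."""
    st = os.stat(path, follow_symlinks=False)
    return FileTimes(path, st.st_mtime_ns, st.st_ctime_ns)

def timestomp_indicators(ft: FileTimes) -> list[str]:
    """Return heuristic indicators that mtime was rewritten.

    Zeroed sub-second mtime while ctime keeps its fraction: tools that set
    timestamps with whole-second precision truncate the nanoseconds; genuine
    writes on ns-resolution filesystems almost never land exactly on .000.
    mtime later than ctime: every content write also bumps ctime, and ctime
    cannot be set from user space, so mtime outruns it only if explicitly set.
    Known false positives: 1-second-granularity filesystems (FAT, ext3) and
    archive extraction that restores whole-second mtimes.
    """
    ind = []
    if ft.mtime_ns % 1_000_000_000 == 0 and ft.ctime_ns % 1_000_000_000 != 0:
        ind.append("mtime has zeroed sub-second precision")
    if ft.mtime_ns > ft.ctime_ns:
        ind.append("mtime is later than ctime")
    return ind

def scan(files: list[FileTimes]) -> dict[str, list[str]]:
    """Map each flagged path to its indicators; clean files are omitted."""
    return {ft.path: ind for ft in files if (ind := timestomp_indicators(ft))}

# Constructed sample data (values are invented, not taken from a real system).
SAMPLE = [
    FileTimes("/bin/example-clean", 1_684_000_000_123_456_789, 1_684_000_000_123_456_789),
    FileTimes("/opt/example-backdated", 1_600_000_000_000_000_000, 1_684_000_000_555_000_111),
    FileTimes("/opt/example-future", 1_700_000_000_111_111_111, 1_684_000_000_222_222_222),
]

if __name__ == "__main__":
    for path, ind in scan(SAMPLE).items():
        print(f"{path}: {', '.join(ind)}")
```

On a live system, feed `scan()` with `from_stat(p)` for the paths you want to triage; treat hits as leads to confirm against filesystem journal or backup timestamps, not as proof.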
