@fr0gger
Last active July 7, 2021 16:25
Anti-Sandboxing
- Checking memory artifacts
- MAC address detection
- Registry keys detection
- Checking process
- Checking files
- Running process
- Querying the I/O communication port
- Checking folder
- Hooked function
- SIDT / Red Pill
- SGDT instruction
- SLDT instruction
- SMSW instruction
- STR instruction
- CPUID instruction
- IN instruction
- RDTSC instruction
- VMCPUID instruction
- VPCEXT instruction
- Onset delay
- Stalling code
- Extended sleep code
- User interaction
- Office recent files
- Screen resolution
- Installed software
- Memory size
- Drive size
- Hostname
- USB drive
- Printer
- Number of processors
- Hardware vendor checking
- Check argument

Antivirus Evasion
- Evading hash signature
- Evading specific signature
- PE format tricks
- Fingerprinting emulator
- Big file
- Loading critical library for the OS
- File format confusion
- Bypassing static heuristic
- File splitting
- Disabling antivirus
- Adding antivirus exception
- Fake signature
- Redirect antivirus website
- Stolen certificate
- Code Cave

Anti-Debugging
- IsDebuggerPresent
- CheckRemoteDebuggerPresent
- NtQueryInformationProcess
- NtSetInformationThread
- NtQueryObject
- OutputDebugString
- EventPairHandles
- CsrGetProcessID
- CloseHandle / NtClose
- IsDebugged Flag
- Heap Flag
- NtGlobalFlag
- RDTSC
- GetTickCount
- NtQueryPerformanceCounter
- FindWindow
- FindProcess
- BadStringFormat
- TLS Callback
- Unhandled Exception Filter
- Performing code checksum
- Interrupts
- INT Scanning
- Suspend thread
- SoftICE – Interrupt 1
- Guard Pages
- NtSetDebugFilterState

Process Manipulating
- Process hollowing
- Reflective DLL injection
- Suspend, inject and resume
- Hook injection
- Injection via registry modification
- APC injection
- Atom bombing
- Extra window memory injection
- Injection using shims
- IAT Hooking
- PE Injection
- Process Doppelganging
- PROPagate
- Ctrl+Inject
- Fileless
- Process camouflage / Masquerading
- COM Hijacking
- Image File Execution Options Injection
- Indirect Command Execution
- Inline hooking
- Process Reimaging

Anti-Disassembly
- API Obfuscation
- Control Flow Graph Flattening
- Dead code insertion
- Spaghetti code
- Obscuring flow control
- Impossible disassembly
- Jump with same target
- Opcode obfuscation
- Dynamically computed target address
- Disassembly desynchronisation
- Constant unfolding
- Data encoding schemes
- Arithmetic Substitution via identities
- Pattern based obfuscation
- Functions IN/Out-lining
- Destruction of sequential and temporal locality
- Processor based control indirection
- OS based control indirection
- Opaque predicates
- Register reassignment
- Code transposition
- Code normalization
- Garbage byte
- Fake conditional jump
- Call trick
- Push Pop Math
- NOP Sequence
- Code Integration
- Junk code insertion
- Stealth Import of the Windows API
- Function Call Obfuscation

Anti-Monitoring
- Disable process
- Check running process
- Find window
- Detect parent process
- Check token privilege
- Leverage script languages
- Disabling User Assist
- Disabling Logs File

Data Obfuscation
- XOR
- Base64
- Caesar/ROT
- ROL
- Cryptography
- Hash algorithm
- Custom algorithm
- RC4

Anti-Forensic
- Remove event log
- Wipe disk
- Melt file
- Hidden attributes
- Delete MBR
- Encryption
- Disabling User Assist
- Disabling Logs File
- File Deletion
- Hidden Files and Directories
- NTFS File Attributes

Network Evasion
- Fast flux
- Double fast flux
- DGA
- DNS Tunnelling
- Traffic encapsulation
- Tor Network
- Proxy connection
- Fuzzy WHOIS
- Typosquatting
- Peer to peer CnC
- Social network API
- Malvertising

Others
- Infection by localisation
- Detect language installed
- Malicious shortcut
- Deadline infection
- Code Signing
- CMSTP (Microsoft Connection Manager Profile Installer)
- Control Panel Item
- DLL Search Order Hijacking

Packers
- Packer compression
- Crypter
- Virtual machine
- Binder

Anti-Machine Learning
- Direct gradient-based attacks
- Attacks against models that report a score
- Binary black-box attacks
- Cleverhans Attacks
- Carlini/Wagner-L2 attacks
- DeepFool
- Universal Adversarial Perturbations
- Concept drift
- Modeling error
- Bayes error rate