Threat Feed

Tag: Evasion

5 briefs
medium advisory

Detection of Obfuscated IP Address Usage in Download Commands

This brief details the use of obfuscated IP addresses within download commands, often employed to evade detection by hiding the true destination of malicious downloads.

Tags: Windows, discovery, evasion, obfuscation
high advisory

Windows Defender Enhanced Notification Disabled via Registry Modification

An attacker modifies the Windows Registry to disable Windows Defender's Enhanced Notification feature, preventing users from receiving security alerts and potentially allowing malicious activities to go unnoticed, ultimately enabling persistence and evasion.

Tags: Windows Defender, registry-modification, windows-defender, persistence, evasion
medium advisory

Suspicious HTML File Creation Leading to Potential Payload Delivery

This detection identifies the creation of HTML files with high entropy and large size, followed by execution via a browser process, indicating potential HTML smuggling and malicious payload delivery on Windows systems.

Tags: Elastic Defend, html-smuggling, phishing, initial-access, windows, evasion
medium advisory

Detection of Obfuscated IP Addresses via Command Line Tools

The use of command-line tools such as ping.exe or arp.exe with obfuscated IP addresses (hexadecimal, octal, etc.) on the command line can indicate reconnaissance activity or an attempt to evade security controls by masking the true destination.

Tags: Windows, reconnaissance, evasion, command-line
medium advisory

Cisco ASA Logging Filters Configuration Tampering

Tampering with logging filter configurations on Cisco ASA devices can allow attackers to evade detection by reducing logging levels or disabling specific log categories.

Tags: ASA, cisco, logging, evasion