Host-based hiding techniques
Host-based hiding techniques are designed to allow an adversary to remain undetected on a machine upon which they have taken action. They may do this through static linking of binaries, polymorphic code, exploiting weaknesses in file formats or parsers, or self-deleting code. [1]
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: Some of the host-based hiding techniques require advanced knowledge combined with an understanding and awareness of the target's environment (e.g., exploiting weaknesses in file formats, parsers and detection capabilities).
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Techniques are difficult to detect and might occur in uncommon use-cases (e.g., patching, anti-malware, anti-exploitation software).
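For the static-linking case named above, a defender can triage ELF files by their program headers. This is an added example, not part of the original page; it assumes Linux ELF targets, the function name `elf_linkage` and the sample builder are hypothetical, and a "static" result is a review hint rather than a verdict, since many legitimate binaries are also statically linked.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types from the ELF specification


def elf_linkage(data: bytes) -> str:
    """Classify an ELF image by how it is linked, using only its program headers."""
    if data[:4] != b"\x7fELF":
        return "not-elf"
    try:
        end = {1: "<", 2: ">"}[data[5]]  # EI_DATA: little or big endian
        # EI_CLASS selects the header layout: (e_phoff format, e_phoff offset, e_phentsize offset)
        fmt, phoff_at, phsize_at = {1: ("I", 0x1C, 0x2A), 2: ("Q", 0x20, 0x36)}[data[4]]
        (e_phoff,) = struct.unpack_from(end + fmt, data, phoff_at)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, phsize_at)
        # p_type is the first 32-bit field of every program header entry
        types = {struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
                 for i in range(e_phnum)}
    except (KeyError, IndexError, OverflowError, struct.error):
        return "malformed"  # truncated or inconsistent headers deserve a closer look too
    if PT_INTERP in types:
        return "dynamic"  # requests a runtime loader, so imports are visible to tooling
    if PT_DYNAMIC in types:
        return "static-pie-or-shared-object"  # no loader requested, but has a dynamic section
    return "static"  # self-contained: no library dependencies to inspect


def sample_elf(p_types):
    """Constructed ELF64 little-endian image that holds headers only (test data)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56,
                         len(p_types), 0, 0, 0)
    return ident + header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)


if __name__ == "__main__":
    for name, types in [("loads-only", [1, 1]), ("with-interp", [6, 3, 1, 2])]:
        print(name, elf_linkage(sample_elf(types)))
```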