Host-based hiding techniques

From pre-attack
Jump to: navigation, search

Host-based hiding techniques
ID PRE-T1091
Tactic Adversary OPSEC


Host based hiding techniques are designed to allow an adversary to remain undetected on a machine upon which they have taken action. They may do this through the use of static linking of binaries, polymorphic code, exploiting weakness in file formats, parsers, or self-deleting code.1

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Some of the host-based hiding techniques require advanced knowledge combined with an understanding and awareness of the target's environment (e.g., exploiting weaknesses in file formats, parsers and detection capabilities).


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Techniques are difficult to detect and might occur in uncommon use-cases (e.g., patching, anti-malware, anti-exploitation software).