Evasion by De-optimization
by Ege Balci
Phrack Magazine, Issue 71, Article 15 (2024)
https://phrack.org/issues/71/15.html
Remark |
---|
bypassing security products |
packer |
encoder |
AV evasion |
Moneta |
PE-sieve |
obfuscation, obfuscator |
arithmetic partitioning |
logical inverse |
polynomial transformation |
logical partitioning |
crypter |
command and control |
exploitation framework |
cryptographic cipher |
multi-byte encoding schemes |
visibility of decoder routines (as detection) |
static detection rules |
compiler optimization |
YARA rule |
LEA transform |
x86 |
instruction set |
register |
compiler toolchain |
LLVM |
intermediate representation |
iced_x86 |
Rust |
EXE |
ELF |
shared object |
DLL |
false positive |
ROR, SHR, SHL, ROL |
gadget |
register swapping |
xchg |
strings |
shellcode |
linear sweep |
depth-first search |
PoC |
Metasploit |
self-modifying code |