Unprotect [Project]

The search engine about Malware Evasion Techniques: https://unprotect.it

Thomas Roccia
Published in SecurityBreak
4 min read · Aug 5, 2020

I have been studying malware for a while, and more specifically evasion techniques, or "defense evasion" in ATT&CK Matrix terminology. I have presented several of my works at conferences; you can find some of them on my SpeakerDeck.

Malware evasion is one of the most common tactics used by attackers, and it serves many purposes, from hiding code to concealing communication with the C2 server. There are different types of evasion techniques, and I think it is very important to classify them.

I started the Unprotect Project in 2015, and it was released at Botconf 2016. Last year I presented at Black Hat Asia a wrapper for detecting evasion techniques used in Windows binaries. The initial objective of this project was to document in detail the types of techniques that malware can use to evade the security controls in place, and also to hinder reverse engineering and dynamic analysis.

At that time, in 2016, I was working as a security consultant. I was mainly doing incident response, but also threat hunting and penetration testing. Several times I realised that malware was able to bypass the security in place because of misconfiguration, misunderstanding, or best practices that were not applied. Almost all the malware I have analysed…
