Unprotect [Project]
The search engine about Malware Evasion Techniques: https://unprotect.it
I have been studying malware for a while, and more specifically evasion techniques, or "defense evasion" in ATT&CK Matrix naming. I have presented several of these works at conferences; some of the slides are on my SpeakerDeck.
Malware evasion is one of the most common tactics used by attackers, and it serves many purposes, from hiding code to concealing communication with the C2 server. There are different types of evasion techniques, and I think it is very important to classify them.
I started the Unprotect Project in 2015, and it was released at Botconf 2016. More recently, last year, I presented at Black Hat Asia a wrapper for detecting evasion techniques used in Windows binaries. The initial objective of the project was to document the techniques malware can use to evade the security controls in place, and also those it uses to hinder reverse engineering and dynamic analysis.
At that time, in 2016, I was working as a security consultant. I was mainly doing incident response, but also threat hunting and penetration testing. Several times I realised that malware was able to bypass the security in place because of misconfiguration, misunderstanding, or best practices not being applied. Almost all the malware I have analysed…