What is Defense Evasion?


Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10
Video Transcription
00:00
Hello and welcome to another Application of the MITRE ATT&CK Framework discussion. Today we're going to be discussing what defense evasion is with respect to this particular phase of the MITRE ATT&CK framework. So, jumping right in,
00:16
defense evasion is where the threat actor is attempting to avoid
00:23
detection. And so that is the key.
00:25
So there are a lot of different techniques that a threat actor can use to try to avoid detection. Some of those include uninstalling security components, obfuscation of information and data, and it can include things like payloads and scripts. And so
00:42
we've talked a little bit about some different ways that threat actors currently get into organizations, using things like PowerShell, manipulating services, and evading antivirus. Part of that
00:54
is done through this defense evasion phase. Again, a lot of these phases happen
01:00
in tandem with one another, due to staging payloads or having scripts that allow the threat actor to move through multiple areas at one time.
01:11
It would be very ineffective if they had to do all of the things that led up to defense evasion manually instead of doing it with automation, because that could lead to detection. So what are some of the things that we're going to be looking at in this particular phase?
01:26
Well, we're going to look at clearing command history and compiling after delivery. Clearing command history is essentially where the threat actor tries to kind of cover their tracks and make it a little harder for you to know what was going on. Compile after delivery
01:42
is essentially when the payload is delivered to the system in a manner where it's not put together.
01:48
Disabling security tools, hidden files or directories, which we're going to look at, hidden users, hidden windows, process hollowing, and software packing. So
01:57
all of these things can be used individually or collectively to do some defense evasion, or to avoid things like IPS, IDS, and logging systems, and to make sure that users don't suspect that something's going on. So all of this is going to be beneficial in how a threat actor would
02:16
evade an organization's defenses.
02:20
So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.
Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.