What is Defense Evasion?

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Application of the MITRE ATT&CK Framework
Course
Time
8 hours 29 minutes
Difficulty
Beginner
CEU/CPE
10
Video Transcription
00:00
hello and welcome to another application of the minor attack framework discussion today. We're going to be discussing what is defense evasion with respect to this particular phase of the minor attack framework. So jumping right in
00:16
defense evasion, inspector, the Threat Actor is attempting to avoid
00:23
detection. And so that is the key.
00:25
So there are a lot of different techniques that a threat actor can use to try to avoid detection. Some of those include uninstalling, security components, office cation of information and data, and it can induce include things like payloads and scripts. And so
00:42
we've talked a little bit about some different ways that threat actors currently get into organizations using things like power shell manipulating, services, evading antivirus. Part of that
00:54
is done through this defensive Asian phase again. Ah, lot of these faces happen
01:00
in tandem with one another due to staging payloads or having scripts that allow the Threat actor to move through multiple areas at one time.
01:11
It would be very ineffective if they had to do all of the things that led up to defensive Asian manually instead of doing it with automation, because that could lead to detection. So what are some of the things that were going to be looking at in this particular phase?
01:26
Well, we're going to look at clearing command history, compiling after delivery. So these two things clearing command histories essentially where the Threat actor tries to kind of cover their tracks and make a little harder for you to know what was going on. Compile after delivery
01:42
is essentially when the payload is delivered to the system in a manner that it's not put together.
01:48
Disabling security tools, hidden files or directories, which we're going to look at hidden users hit and window process hollowing and software packing. So
01:57
all of these things can be used individually or collectively to do some defense evasion or avoid things like i ps ideas, logging systems, making sure that users don't suspect that something's going on. So all of this is going to be beneficial in how a threat actor would
02:16
evade and organizations defenses.
02:20
So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon
Up Next
View All
Instructed By
Robert Smith

Robert Smith

Director of Security Services at Corsica

Instructor
Similar Content
Become an Incident Handler
Career Path
Become an Incident Handler
In this Career Path, you will learn the incident response process, from building an incident ...
Information Security Fundamentals
Career Path
Information Security Fundamentals
The foundational networking and security concepts taught in this career path form the backbone of ...
MITRE ATT&CK Defender™ (MAD) ATT&CK® SOC Assessments Certification Training
Course
MITRE ATT&CK Defender™ (MAD) ATT&CK® SOC Assessments Certification Training
5
Do you know how to leverage the MITRE ATT&CK® framework to conduct Security Operations Center ...
2CEUs