hello and welcome to another application of the minor attack framework discussion today. We're going to be discussing what is defense evasion with respect to this particular phase of the minor attack framework. So jumping right in
defense evasion, inspector, the Threat Actor is attempting to avoid
detection. And so that is the key.
So there are a lot of different techniques that a threat actor can use to try to avoid detection. Some of those include uninstalling, security components, office cation of information and data, and it can induce include things like payloads and scripts. And so
we've talked a little bit about some different ways that threat actors currently get into organizations using things like power shell manipulating, services, evading antivirus. Part of that
is done through this defensive Asian phase again. Ah, lot of these faces happen
in tandem with one another due to staging payloads or having scripts that allow the Threat actor to move through multiple areas at one time.
It would be very ineffective if they had to do all of the things that led up to defensive Asian manually instead of doing it with automation, because that could lead to detection. So what are some of the things that were going to be looking at in this particular phase?
Well, we're going to look at clearing command history, compiling after delivery. So these two things clearing command histories essentially where the Threat actor tries to kind of cover their tracks and make a little harder for you to know what was going on. Compile after delivery
is essentially when the payload is delivered to the system in a manner that it's not put together.
Disabling security tools, hidden files or directories, which we're going to look at hidden users hit and window process hollowing and software packing. So
all of these things can be used individually or collectively to do some defense evasion or avoid things like i ps ideas, logging systems, making sure that users don't suspect that something's going on. So all of this is going to be beneficial in how a threat actor would
evade and organizations defenses.
So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon