
Runtime Detection Evasion

Premium room

Learn how to bypass common runtime detection measures, such as AMSI, using modern tool-agnostic approaches.

hard

60 min

12,160


With the release of Windows 10 and PowerShell v5, Microsoft introduced AMSI (Anti-Malware Scan Interface), a runtime monitoring interface that lets applications such as PowerShell hand script content and in-memory buffers to a registered anti-malware provider for scanning at the moment they are about to execute, so that threats can be detected and blocked while they are running rather than only when they touch disk.

Learning Objectives

  • Understand the purpose of runtime detections and how they are instrumented.
  • Learn and apply techniques to bypass AMSI.
  • Understand common mitigations against these techniques and potential alternatives to them.

Runtime detection measures can cause many headaches and roadblocks when executing malicious code. Luckily for us as attackers, there are several techniques and methods we can abuse and leverage to bypass common runtime detection solutions.

This room will use research from several authors and researchers; all credit goes to the respective owners.

Before beginning this room, familiarize yourself with operating system architecture as a whole. Basic programming knowledge in C# and PowerShell is also recommended but not required.

We have provided a base Windows machine with the files needed to complete this room. You can access the machine in-browser or over RDP using the credentials below.

Machine IP: MACHINE_IP             Username: THM-Attacker             Password: Tryhackme!

This is going to be a lot of information. Please buckle your seatbelts and locate your nearest fire extinguisher.

Answer the questions below
Start the provided machine and move on to the next tasks.