
Signature Evasion

Premium room

Learn how to break signatures and evade common AV, using modern tool-agnostic approaches.

medium

60 min

12,117


An adversary may struggle to overcome specific detections when facing an advanced anti-virus engine or EDR (Endpoint Detection & Response) solution. Even after employing some of the most common obfuscation or evasion techniques discussed in Obfuscation Principles, signatures in a malicious file may still be present.

To combat persistent signatures, adversaries can observe each individually and address them as needed.

In this room, we will understand what signatures are and how to find them, then attempt to break them following an agnostic thought process. To dive deeper and combat heuristic signatures, we will also discuss more advanced code concepts and “malware best practices.”

Learning Objectives

  1. Understand the origins of signatures and how to observe/detect them in malicious code
  2. Implement documented obfuscation methodology to break signatures
  3. Leverage non-obfuscation-based techniques to break non-function-oriented signatures

This room is a successor to Obfuscation Principles; we highly recommend completing it before this room if you have not already. 

Before beginning this room, familiarize yourself with basic programming logic and syntax. Knowledge of C and is recommended but not required. 

We have provided a base Windows machine with the files needed to complete this room. You can access the machine in-browser or through using the credentials below.

Machine IP: MACHINE_IP             Username: Student             Password: TryHackMe!

This is going to be a lot of information. Please locate your nearest hammer and fire extinguisher.

Answer the questions below
Read the above and continue to the next task.
