Last year we published the Evasions Encyclopedia which got a warm perception across the cyber security community.
However, the Encyclopedia had some uncovered spots until now and we are proud to announce the latest update to fill these gaps.
In this update we introduce three new articles to cover the following topics:
* Timing
* Human-like behavior
* Windows Management Instrumentation
Agent Tesla, malware known from 2014, has gone a long way to evolve from a simple Stealer to and advanced RAT. In April 2020 it made the way to top 3 of the most prevalent malware families at the moment.
Did you know that latest iteration of Agent Tesla malware (v3) implements an evasion technique described in “Human-like behavior” section though does it in a wrong way?
In the latest update of the Check Point Evasions Encyclopedia we describe the correct implementation of the technique mis-used in Agent Tesla along with other ways used by malware to detect sandboxes.
Are you interested in learning how sleep-skipping feature works?
Or how the evasion techniques are used just with the help of GUI controls?
Read further and find out!
It’s important to add that Check Point researchers have produced their own open-source tool called InviZzzible.
If you want to contribute to this encyclopedia, you’re more than welcome to create pull requests in its github.
So check out all the repositories, browse through evasions encyclopedia and enjoy the journey!
https://evasions.checkpoint.com/