Evasion Methods

Description: Evasion Methods for Cisco CyOps Associate


9 Terms

1. Encryption and tunneling
This evasion technique uses tunneling to hide, or encryption to scramble, malware files. This makes it difficult for many security detection techniques to detect and identify the malware. It can also mean hiding stolen data inside legitimate packets.
2. Resource exhaustion
This evasion technique makes the target host too busy to properly use security detection techniques.
3. Traffic fragmentation
This evasion technique splits a malicious payload into smaller packets to bypass network security detection. After the fragmented packets bypass the security detection system, the malware is reassembled and may begin sending sensitive data out of the network.
4. Protocol-level misinterpretation
This evasion technique occurs when network defenses do not properly handle features of a PDU like a checksum or TTL value. This can trick a firewall into ignoring packets that it should check.
5. Traffic substitution
In this evasion technique, the threat actor attempts to trick an IPS by obfuscating the data in the payload. This is done by encoding it in a different format.
6. Traffic insertion
Similar to traffic substitution, but the threat actor inserts extra bytes of data into a malicious sequence of data. The IPS rules miss the malicious data and accept the full sequence of data.
7. Pivoting
This technique assumes the threat actor has compromised an inside host and wants to expand their access further into the compromised network. An example is a threat actor who has gained access to the administrator password on a compromised host and is attempting to log in to another host using the same credentials.
8. Rootkit
A complex attacker tool used by experienced threat actors. It integrates with the lowest levels of the operating system. When a program attempts to list files, processes, or network connections, it presents a sanitized version of the output, eliminating any incriminating output. The goal is to completely hide the activities of the attacker on the local system.
9. Proxies
Network traffic can be redirected through intermediate systems in order to hide the ultimate destination for stolen data.