> For the complete documentation index, see [llms.txt](https://ivalexev.gitbook.io/rednote/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ivalexev.gitbook.io/rednote/pentesting-process/software-attacks/av-evasion-and-obfuscation.md).

# AV Evasion & Obfuscation

## Sites

<table><thead><tr><th width="190.3636474609375"></th><th></th></tr></thead><tbody><tr><td><a href="https://kleenscan.com/index">Kleenscan</a></td><td>Not divulge any submitted sample to third parties.</td></tr><tr><td><a href="https://www.virustotal.com/gui/home/upload">VirusTotal</a></td><td>Once scanned, the platform sends our sample to every antivirus vendor that has an active membership.</td></tr></tbody></table>

## <mark style="color:purple;">On-disk</mark>

* Packers
* Crypters
* Obfuscators
* Anti-debugging
* Anti-reversing
* VM / sandbox detection

## <mark style="color:orange;">In-memory</mark>

* Remote Process Memory Injection
  * *attempts to inject the payload into another valid PE that is not malicious.*
* Reflective DLL Injection
  * *attempts to load a DLL stored by the attacker in the process memory.*
* Process Hollowing
  * *attempts to launch a non-malicious process in suspended state, remove its image from memory, and replace it with a malicious executable before resuming execution.*
* Inline hooking
  * *attempts to modify memory by introducing a hook into a function to redirect code execution to malicious code, then return to the modified function to resume normal execution.*
