Modern malware uses fileless techniques to evade signature-based detection
Dropper or Downloader
Shellcode executed on target system
Shellcode refers to malware code that gives the attacker a shell
Maintain Access: Add the infected system to the C2 server
Strengthen Access: Try to compromise other systems of higher value
Actions on Objectives: Achieve their goal/motive
Concealment: Erase traces of entry into the system
Malware Delivery Techniques
Masquerading: Replace a genuine executable with a malicious executable
DLL Injection: Load malicious code into a process as it loads a DLL
DLL Sideloading: Make a program load a malicious DLL by modifying its manifest
Process Hollowing: Start a process in a suspended state, then unmap (hollow out) its memory and rewrite it with malicious code. The malware takes over the legitimate process's place in memory
Living Off the Land (LOTL)
Exploitation technique that uses standard system tools and packages to perform intrusions. Detecting adversaries that use these techniques is quite difficult, as they execute malicious code using tools and processes that ship with the OS