Advanced evasion tactics using Bash
While basic obfuscation techniques can be effective, more sophisticated evasion tactics are often necessary to bypass advanced security measures. This section explores advanced evasion methods using Bash.
Timing-based evasion involves executing code based on specific time conditions, making it harder for security solutions to detect malicious activity. For example, I’ve bypassed AV on multiple occasions by encoding or encrypting my payloads in the script or executable and inserting code to make it sleep for some time before decoding or decrypting and running the payload. AV and EDR vendors do not want to upset customers by taking up valuable system resources or making the system appear to be slow. Therefore, sometimes simple pauses for a few minutes before performing malicious activity are all you need.
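A detection-side view of the pattern just described, added here as an example that is not part of the original text: a small Python heuristic that flags a long sleep followed within a few lines by a decode step whose output reaches an interpreter. The sample script, the regexes and the 60-second threshold are constructed assumptions for illustration, not any vendor's rules.

```python
"""Heuristic scanner for the 'sleep, then decode and execute' pattern in shell scripts."""
import re

# Shapes of the three ingredients: a sleep, a decode/decrypt step, an interpreter.
SLEEP_RE = re.compile(r"\bsleep\s+(\d+(?:\.\d+)?)([smhd]?)\b")
DECODE_RE = re.compile(r"base64\s+(?:-d|--decode)|openssl\s+enc\b.*\s-d\b|xxd\s+-r|gpg\s+(?:-d|--decrypt)")
EXEC_RE = re.compile(r"\|\s*(?:bash|sh|zsh)\b|\beval\b|\bsource\b|^\s*\.\s")

UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}


def sleep_seconds(line):
    """Return the longest sleep duration on the line in seconds (0 if there is none)."""
    best = 0.0
    for value, unit in SLEEP_RE.findall(line):
        best = max(best, float(value) * UNIT_SECONDS[unit])
    return best


def find_delayed_decode(script, min_sleep=60, window=5):
    """Return (sleep_line, exec_line, seconds) for every sleep of at least
    min_sleep seconds that is followed within `window` lines by both a decode
    step and an interpreter invocation. Line numbers are 1-based."""
    lines = script.splitlines()
    findings = []
    for i, line in enumerate(lines):
        secs = sleep_seconds(line)
        if secs < min_sleep:
            continue  # short sleeps (retry loops, rate limiting) are normal
        tail = lines[i + 1:i + 1 + window]
        decoded = any(DECODE_RE.search(t) for t in tail)
        executed = [i + 2 + j for j, t in enumerate(tail) if EXEC_RE.search(t)]
        if decoded and executed:
            findings.append((i + 1, executed[0], secs))
    return findings


# Constructed sample script (assumption, not from the page) exercising the heuristic.
SAMPLE = """#!/bin/bash
# benign: short sleep in a retry loop, nothing decoded afterwards
sleep 2
curl -s http://localhost/health
# suspicious: long pause, then decode and hand the result to an interpreter
sleep 5m
payload="<constructed-base64-blob>"
echo "$payload" | base64 -d | bash
"""

if __name__ == "__main__":
    for sleep_line, exec_line, secs in find_delayed_decode(SAMPLE):
        print(f"line {sleep_line}: sleep {secs:.0f}s, decoded content executed at line {exec_line}")
```

The window and threshold trade false positives against the longer delays the text mentions; a real rule would also track the decoded value across variable assignments rather than only adjacent lines.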
Tip
AV and EDR vendors are catching on to the use of simple sleep statements. It’s often necessary to use techniques more...