Which tactic involves encoding malware so it doesn't match signatures?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which tactic involves encoding malware so it doesn't match signatures?

Explanation:
The tactic is encoding (obfuscating) the malware. Signature-based antivirus matches static byte patterns, so when the payload is run through an encoder (an XOR loop, a custom cipher, a packer) the bytes that land on disk no longer contain the patterns the signature database knows. A small decoder stub is prepended to the encoded body; at run time it reconstructs the original payload in memory and transfers execution to it, so the recognisable bytes only exist after the on-disk scan has already passed the file. This is a classic bypass, but a temporary one: vendors write signatures for the encoded sample and for the decoder stub itself, and the stubs of widely used encoders are signatured quickly, while engines that emulate the file, scan process memory, or analyse behaviour see the decoded payload regardless of how it was stored. The other options do not describe this technique: social engineering manipulates people rather than bytes, ghost writing concerns authorship, and a custom compile changes the binary as a by-product of building from source rather than by encoding it to evade signatures.
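The mechanism in the explanation, as an added example that is not part of the original page: a constructed signature set, a constructed inert "payload" that trips one signature, a rolling-XOR encoder, and a stand-in for the decoder stub that recovers the body. It also shows the caveat that the stub itself can be signatured, and the encode-until-clean loop an attacker runs against a local copy of a signature set. The byte strings, signature names and the stub layout are all assumptions made up for this example; nothing here is executable code.

```python
import os

# Constructed sample "malware" body. It carries a byte sequence a signature
# database might key on; nothing in it is executable (assumption for demo).
PAYLOAD = b"MZ\x90\x00" + b"EVIL-MARKER-CMD: whoami /all" + b"\x00" * 8

STUB_MARKER = b"XOR-DECODE-STUB"  # constructed header for our toy stub

# Constructed signature database, name -> byte pattern. Real engines use far
# richer rules; static byte patterns are the case the question is about.
SIGNATURES = {
    "demo.marker": b"EVIL-MARKER-CMD",
    "demo.xor_stub": STUB_MARKER,  # defenders also signature the loader itself
}


def scan(blob: bytes, sigs=SIGNATURES) -> list:
    """Return the names of every signature whose bytes occur in blob."""
    return [name for name, pat in sigs.items() if pat in blob]


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Rolling XOR with a multi-byte key. XOR is its own inverse, so the same
    call decodes. A 0x00 key byte would leave every len(key)-th byte
    untouched, so such keys are rejected."""
    if not key or 0 in key:
        raise ValueError("key must be non-empty and contain no null bytes")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_stub(encoded: bytes, key: bytes) -> bytes:
    """Inert stand-in for a loader: marker, key length, key, encoded body.
    A real stub is code that decodes into memory and jumps to the result."""
    return STUB_MARKER + bytes([len(key)]) + key + encoded


def run_stub(blob: bytes) -> bytes:
    """What the loader does at run time: recover the key from its own header
    and reconstruct the original body (returned here, never executed)."""
    if not blob.startswith(STUB_MARKER):
        raise ValueError("not a stub produced by build_stub")
    off = len(STUB_MARKER)
    klen = blob[off]
    key = blob[off + 1:off + 1 + klen]
    return xor_encode(blob[off + 1 + klen:], key)


def encode_until_clean(payload: bytes, sigs=SIGNATURES, key_len=4, tries=64):
    """Draw random keys until the encoded body trips none of the signatures,
    the loop an attacker runs against a local copy of the signature set.
    Returns (key, encoded); raises if no key works within `tries`."""
    for _ in range(tries):
        key = os.urandom(key_len)
        if 0 in key:
            continue
        encoded = xor_encode(payload, key)
        if not scan(encoded, sigs):
            return key, encoded
    raise RuntimeError("no clean encoding found")


def demo(key: bytes = b"\x5a\xa7\x13\xc9"):
    """Return (hits on the plain body, hits on the encoded body,
    hits on the full stub, whether the stub reproduces the body)."""
    encoded = xor_encode(PAYLOAD, key)
    stub = build_stub(encoded, key)
    return scan(PAYLOAD), scan(encoded), scan(stub), run_stub(stub) == PAYLOAD


if __name__ == "__main__":
    print(demo())
```

The plain body trips `demo.marker`, the encoded body trips nothing, and the assembled stub trips `demo.xor_stub` even though its payload is still hidden: the second result is the point of the tactic, the third is why it stops working once the stub is known, and a memory scan after `run_stub` would see the original bytes in either case.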

