Stealth techniques can aid an attacker in a variety of ways:

  • Concealing a presence on a system
  • Concealing command and control channels
  • Concealing information gathering
  • Concealing data exfiltration

Stealth techniques usually fall into two primary categories:

  • Rootkits
    • Hidden files – this includes both program-related files and data files; often an entire folder or directory is hidden, so that any file placed in it is hidden as well
    • Hidden processes – prevents running processes from being observed; can also involve injecting program subroutines into other running processes or program files
    • Hidden communications (see covert channels)
  • Covert channels
    • Embedded in unusual protocol fields – data can be embedded in fields that are not usually used for data, and can also be obfuscated so it is not obvious that it is data
    • Timing channels – data can be transmitted (usually in binary fashion) by timing sequences that involve when a packet is sent or the sequence of a series of packets
    • Encryption – data being communicated via covert channels is often encrypted to make it even harder to identify and/or intercept
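
From the detection side, a binary timing channel of the kind described above tends to produce inter-packet gaps that fall into two tight clusters, one per bit value. The following Python heuristic is an added example, not part of the original post; the function names, thresholds and both sample flows are assumptions constructed for illustration, and it only covers a simple two-level timing encoding.

```python
from itertools import accumulate
from statistics import mean, pstdev

def inter_arrivals(timestamps):
    """Gaps in seconds between consecutive packets of one flow."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]

def two_means(values, rounds=20):
    """1-D k-means with k=2; returns (low_cluster, high_cluster)."""
    lo_c, hi_c = min(values), max(values)
    for _ in range(rounds):
        lo = [v for v in values if abs(v - lo_c) <= abs(v - hi_c)]
        hi = [v for v in values if abs(v - lo_c) > abs(v - hi_c)]
        if not hi:          # every gap is identical: nothing to split
            break
        lo_c, hi_c = mean(lo), mean(hi)
    return lo, hi

def bimodal_score(gaps):
    """Distance between the two cluster means divided by the pooled spread."""
    lo, hi = two_means(gaps)
    if len(lo) < 2 or len(hi) < 2:
        return 0.0
    spread = (pstdev(lo) * len(lo) + pstdev(hi) * len(hi)) / len(gaps)
    # The floor keeps float noise in constant-rate flows from scoring high.
    return (mean(hi) - mean(lo)) / max(spread, 1e-9)

def looks_like_timing_channel(timestamps, min_gaps=20, threshold=8.0,
                              min_share=0.2):
    """Flag flows whose gaps form two tight, well-populated clusters.

    threshold and min_share are assumed values; tune them on real baselines.
    """
    gaps = inter_arrivals(timestamps)
    if len(gaps) < min_gaps:
        return False        # too little data to judge
    lo, hi = two_means(gaps)
    minority = min(len(lo), len(hi)) / len(gaps)
    return minority >= min_share and bimodal_score(gaps) >= threshold

# Constructed sample flows (not captured traffic).
BITS = "0110100001101001" * 3
SUSPECT = list(accumulate(
    ((0.15 if b == "1" else 0.05) + 0.002 * (i % 3 - 1)
     for i, b in enumerate(BITS)), initial=0.0))   # two gap levels plus jitter
BENIGN = list(accumulate(
    (0.01 * ((i * 7) % 23 + 1) for i in range(40)), initial=0.0))  # wide spread
```

Evenly spread gaps score around 3.5 on this measure, which is why the assumed threshold sits well above that; flows with constant spacing or too few packets are deliberately not flagged here.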
