Stealth
Stealth techniques can aid an attacker in a variety of ways:
- Concealing a presence on a system
- Concealing command and control channels
- Concealing information gathering
- Concealing data exfiltration
Stealth techniques usually fall into two primary categories:
- Rootkits
  - Hidden files – this includes both program-related files and data files; often an entire folder or directory is hidden, so that any file placed into that folder is also hidden
  - Hidden processes – prevents running processes from being observed; can also involve injection of program subroutines into other running processes or program files
  - Hidden communications (see covert channels)
- Covert channels
  - Embedded in unusual protocol fields – data can be embedded into fields that are not usually used for data; data can also be obfuscated so it is not obvious that it is data
  - Timing channels – data can be transmitted (usually in binary fashion) by timing sequences that involve when a packet is sent or the sequence of a series of packets
  - Encryption – data being communicated via covert channels is often encrypted to make it even harder to identify and/or intercept
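
A defender's view of the timing channel described above, as an added example that is not part of the original page: it flags a flow whose inter-packet gaps collapse into two tight, well-populated delay values. The function names, thresholds and sample flows are assumptions constructed for illustration.

```python
from itertools import accumulate
from statistics import mean, pstdev

def inter_arrival_gaps(timestamps):
    """Seconds between consecutive packets of one flow."""
    ordered = sorted(timestamps)
    return [b - a for a, b in zip(ordered, ordered[1:])]

def split_two_modes(gaps, rounds=20):
    """1-D two-means: partition gaps into a short and a long cluster."""
    lo, hi = min(gaps), max(gaps)
    short, long_ = list(gaps), []
    for _ in range(rounds):
        cut = (lo + hi) / 2
        short = [g for g in gaps if g <= cut]
        long_ = [g for g in gaps if g > cut]
        if not long_:            # every gap identical: only one mode
            break
        new_lo, new_hi = mean(short), mean(long_)
        if (new_lo, new_hi) == (lo, hi):
            break
        lo, hi = new_lo, new_hi
    return short, long_

# Thresholds are illustrative assumptions; tune them against baseline traffic.
def looks_like_binary_timing(timestamps, min_gaps=16, min_share=0.2, max_ratio=0.15):
    """True when the gaps form two tight, well-populated delay values."""
    gaps = inter_arrival_gaps(timestamps)
    if len(gaps) < min_gaps:
        return False
    short, long_ = split_two_modes(gaps)
    if min(len(short), len(long_)) < min_share * len(gaps):
        return False             # one mode dominates: not a two-symbol pattern
    separation = mean(long_) - mean(short)
    spread = max(pstdev(short), pstdev(long_))
    return spread / separation < max_ratio

# Constructed sample flows (not captured traffic): packet timestamps in seconds.
def two_delay_flow():            # gaps near 0.10 s or 0.30 s with small jitter
    symbols = "0110100001101001" * 2
    gaps = [(0.10 if s == "0" else 0.30) + ((i * 7) % 5 - 2) * 0.002
            for i, s in enumerate(symbols)]
    return [0.0, *accumulate(gaps)]

def irregular_flow():            # gaps spread evenly between 0.05 s and 0.95 s
    return [0.0, *accumulate(0.05 + 0.9 * ((i * 37) % 101) / 101 for i in range(40))]

def fixed_interval_flow():       # one constant gap: periodic, but a single mode
    return [i * 0.5 for i in range(40)]
```

A fixed-interval flow is deliberately not flagged here, since a single delay value carries no two-symbol pattern; periodic traffic needs its own check.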