fr0gger · July 7, 2021 16:25
diff --git a/unprotect_matrix.csv b/unprotect_matrix.csv
Anti-Sandboxing	Antivirus Evasion	Anti-Debugging	Process Manipulating	Anti-Disassembly	Anti-Monitoring	Data Obfuscation	Anti-Forensic	Network Evasion	Others	Packers	Anti-Machine Learning
Checking memory artifcacts	Evading hash signature	IsDebuggerPresent	Process hollowing	API Obfuscation	Disable process	XOR	Remove event log	Fast flux	Infection by localisation	Packer compression	Direct gradient-based attacks
MAC address detection	Evading specific signature	CheckRemoteDebuggerPresent	Reflective DLL injection	Control Flow Graph Flatening	Check running process	Base64	Wipe disk	Double fast flux	Detect language installed	Crypter	Attacks against models that report a score
Registry keys detection	PE format tricks	NtQueryInformationProcess	Suspend inject and resume	Dead code insertion	Find window	Cesar/ROT	Melt file	DGA	Malicious shortcut	Virtual machine	Binary black-box attacks
Checking process	Fingerprinting emulator	NtSetInformationThread	Hook injection	Spaghetti code	Detect parent process	ROL	Hidden attributes	DNS Tunnelling	Deadline infection	Binder	Cleverhans Attacks
Checking files	Big file	NtQueryObject	Injection via registry modification	Obscuring flow control	Check token privilege	Cryptography	Delete MBR	Traffic encapsulation	Code Signing		Carlini/Wagner-L2 attacks
Running process	Loading critical library for the OS	OutputDebugString	APC injection	Impossible disassembly	leverage script languages	Hash algorithm	Encryption	Tor Network	CMSTP (Microsoft Connection Manager Profile Installer )		DeepFool
Querying the I/O communication port	File format confusion	EventPairHandles	Atom bombing	Jump with same target	Disabling User Assist	Custom algorithm	Disabling User Assist	Proxy connexion	Control Panel Item		Universal Adversarial Perturbations
Checking folder	Bypassing static heuristic	CsrGetProcessID	Extra window memory injection	Opcode obfuscation	Disabling Logs File	RC4	Disabling Logs File	Fuzzy WHOIS	DLL Search Order Hijacking		Concept drift
Hooked function	File splitting	CloseHandle / NtClose	Injection using shims	Dynamically computed target address			File Deletion	Typosquatting			Modeling error
SIDT / Red Pill	Disabling antivirus	IsDebugged Flag	IAT Hooking	Disassembly desynchronisation			Hidden Files and Directories	Peer to peer CnC			Bayes error rate
SGDT instruction	Adding antivirus exception	Heap Flag	PE Injection	Constant unfolding			NTFS File Attributes	Social network API
SLDT instruction	Fake signature	NtGlobalFlag	Process Doppelganging	Data encoding schemes				Malwaretising
SMSW instruction	redirect antivirus website	RDTSC	PROPagate	Arithmetic Substitution via identities
STR instruction	Stolen certificate	GetTickCount	Ctrl+Inject	Pattern based obfuscation
CPUID instruction	Code Cave	NtQueryPerformanceCounter	Fileless	Functions IN/Out-lining
IN instruction		FindWindow	Process camouflage / Masquerading	Destruction of Sequential en temporal locality
RDTSC instruction		FindProcess	COM Hijacking	Processor based control indirection
VMCPUID instruction		BadStringFormat	Extra Window Memory Injection	OS based control indirection
VPCEXT instruction		TLS Callback	Image File Execution Options Injection	Opaque predicates
Onset delay		Unhandled Exception Filter	Indirect Command Execution	Register reassignment
Stalling code		Performing code checksum	Inline hooking	Code transposition
Extended sleep code		Interrupts	Process Reimaging	Code normalization
User interaction		INT Scanning		Garbage byte
Office recent files		Suspend thread		Fake conditional jump
Screen resolution		SoftICE – Interrupt 1		Call trick
Installed software		Guard Pages		Push Pop Math
Memory size		NtSetDebugFilterState		NOP Sequence
Drive size				Code Integration
Hostname				Junk code insertion
USB drive				Stealth Import of the Windows API
Printer				Function Call Obfuscation
Number of processor
Hardware vendor checking
Check argument