A consultant notices that every new payload is flagged by the organization's protective software and is unable to disable it with limited permissions. Which approach is most likely to avoid detection and allow execution?
Stop the protective software through the system dashboard
Use reflective loading to run malicious code in memory
Rename the malicious code to an unnoticed file name
Reflective loading places the untrusted code directly into memory, which avoids many file-based scanning techniques. Renaming a file may not fool advanced scanning features. Stopping services typically requires privileged rights. Repackaging the code as a signed patch is beyond standard privileges and usually infeasible.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is reflective loading?
Open an interactive chat with Bash
Why is renaming a file not effective against advanced scanning software?
Open an interactive chat with Bash
What are the limitations of stopping protective software?