A consultant notices that every new payload is flagged by the organization's protective software and is unable to disable it with limited permissions. Which approach is most likely to avoid detection and allow execution?
Rename the malicious code to an unnoticed file name
Use reflective loading to run malicious code in memory
Stop the protective software through the system dashboard
Reflective loading places the untrusted code directly into memory, which avoids many file-based scanning techniques. Renaming a file may not fool advanced scanning features. Stopping services typically requires privileged rights. Repackaging the code as a signed patch is beyond standard privileges and usually infeasible.