Defense Evasion
Type: tactic
Description: The adversary is trying to avoid being detected by security software and native controls.
Version: 0.1.0
Created At: 2024-10-11 16:54:32 +0300
Last Modified At: 2024-10-11 16:54:32 +0300
Tactic Order: 7
External References
Related Objects
- <-- Indirect Data Access (technique): An adversary can extract full documents through the RAG, circumventing data security controls.
- <-- Distraction (technique): An adversary can avoid detection by combining benign instructions with their malicious ones.
- <-- Citation Silencing (technique): An adversary can bypass security mechanisms and audit logs that rely on citations.
- <-- Blank Image (technique): An adversary can avoid raising suspicion by avoiding rendering an image to carry exfiltrated data.
- <-- Conditional Execution (technique): An adversary can limit their attack to their specified targets to reduce their detection surface.
- <-- URL Familiarizing (technique): An adversary can bypass security mechanisms to allow future data exfiltration through a URL in an attacker-controlled domain.
- <-- Delayed Execution (technique): An adversary can bypass controls and evade detection by delaying the execution of their malicious instructions.
- <-- ASCII Smuggling (technique): An adversary can avoid raising user suspicion.
- <-- RAG Injection (technique): An adversary can inject RAG results that are treated by the AI system as authentic.
- <-- These Aren't The Droids (technique): An adversary can avoid raising suspicion by hiding malicious instructions and their implications from the user.