What are two evasion methods used by hackers? (Choose two.)

  • Post last modified: June 23, 2025

What are two evasion methods used by hackers? (Choose two.)

  • encryption
  • phishing
  • access attack
  • resource exhaustion
  • scanning

✅ Correct Answers: Encryption and Resource Exhaustion


🔍 Introduction: Evasion Methods in Cyberattacks

As cybersecurity defenses become more sophisticated, attackers are constantly adapting their methods to evade detection by firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, and endpoint protection systems. These evasion techniques are crafted to bypass security mechanisms, stay hidden, and successfully carry out malicious activities.

Among the most commonly used evasion methods, encryption and resource exhaustion stand out as powerful tools in a hacker’s arsenal.


1. Encryption – Hiding Malicious Intent

🔐 What is Encryption in Evasion?

Encryption, in the context of hacking, refers to the process of scrambling malware payloads, command and control (C2) traffic, or malicious communications so they are unreadable to intrusion detection or prevention systems (IDS/IPS), firewalls, or antivirus tools.

🔎 Purpose of Encryption:

  • To bypass content inspection by security systems.

  • To obfuscate malware code, making reverse engineering difficult.

  • To hide the payload until it reaches the target, where it is decrypted and executed.

💡 How Hackers Use Encryption:

a) Encrypted Malware Payloads

  • Malware is sent in encrypted form.

  • Only after it reaches the target system is it decrypted and executed.

  • This prevents security tools from detecting it in transit.

b) SSL/TLS Encryption for C2 Communication

  • Attackers use HTTPS or TLS to encrypt traffic between compromised systems and their command and control servers.

  • Network security tools cannot inspect encrypted payloads unless SSL inspection is configured.

c) Use of Encryption in Fileless Attacks

  • PowerShell scripts or obfuscated JavaScript may contain encrypted strings that decode themselves at runtime.

🔒 Common Tools and Techniques:

  • AES/RSA Encryption in malware code

  • Base64 obfuscation (an encoding rather than encryption, used to hide strings from pattern matching)

  • TLS/SSL tunneling

  • Custom or proprietary encryption algorithms

🛡️ Why It’s Effective:

Encryption conceals the content of communications and payloads, so signature-based detection has nothing to match; the malware is then caught only if its behavior is detected after execution.
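Why hidden content defeats signature matching, and the decode-then-rescan step a scanner can add, shown as an added example (not from the original page). The marker, the sample strings and the 24-character threshold are constructed assumptions, and the code handles Base64 encoding only, not keyed encryption.

```python
import base64
import re

# Constructed, harmless stand-in for a byte pattern a signature would match.
SIGNATURES = [b"EXAMPLE-BAD-MARKER"]
# Base64-looking runs worth decoding; the 24-character minimum is an assumption.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def signature_hits(data: bytes) -> list:
    """Return every signature present in the raw bytes."""
    return [sig for sig in SIGNATURES if sig in data]


def decoded_views(text: str):
    """Yield the decoded forms of each Base64-looking run in the text."""
    for match in B64_RUN.finditer(text):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except ValueError:
            continue  # wrong length or padding: not Base64 after all
        yield raw
        try:
            # PowerShell's -EncodedCommand carries UTF-16LE text.
            yield raw.decode("utf-16-le").encode("utf-8")
        except UnicodeDecodeError:
            pass


def scan(text: str) -> dict:
    """Match signatures on the text as received, then on decoded content."""
    decoded = set()
    for view in decoded_views(text):
        decoded.update(signature_hits(view))
    return {"direct": signature_hits(text.encode("utf-8")),
            "after_decoding": sorted(decoded)}


# Constructed samples: one harmless command, shown plain and in two encodings.
CMD = 'Write-Output "EXAMPLE-BAD-MARKER"'
SAMPLE_PLAIN = CMD
SAMPLE_B64 = 'run("' + base64.b64encode(CMD.encode("utf-8")).decode() + '")'
SAMPLE_PS = ("powershell -EncodedCommand "
             + base64.b64encode(CMD.encode("utf-16-le")).decode())

if __name__ == "__main__":
    for name, sample in [("plain", SAMPLE_PLAIN), ("base64", SAMPLE_B64),
                         ("utf-16 base64", SAMPLE_PS)]:
        print(name, scan(sample))
```

Content protected with a real key stays opaque to this pass, which is why TLS inspection and behavioral detection remain necessary.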


2. Resource Exhaustion – Overloading Systems

⚠️ What is Resource Exhaustion?

Resource exhaustion is a technique where attackers consume excessive system resources (CPU, RAM, bandwidth, or connections) on a host or network device, disabling or reducing the effectiveness of security monitoring tools or other critical services.

This method is both an evasion and a disruption tactic.

🧨 Examples of Resource Exhaustion Attacks:

a) Denial of Service (DoS) Attacks

  • Overwhelm a server or device with requests so that it becomes unresponsive.

  • During the chaos, attackers may exfiltrate data or install malware without detection.

b) Flooding Security Logs

  • Send large volumes of benign or meaningless traffic to flood logs.

  • Analysts are unable to identify real threats buried in noise (log poisoning).

c) CPU/Memory Exhaustion

  • Exploit vulnerabilities that make a device consume all its memory or CPU.

  • Security software may crash or fail to function properly.

d) Connection Table Overload

  • Firewalls and routers have connection tables that track sessions.

  • Flooding them with connection requests (e.g., SYN floods) can prevent new legitimate or monitoring sessions from forming.

🛡️ Why It’s Effective:

  • Slows down or disables detection systems

  • Creates gaps in monitoring

  • Facilitates other attacks by drawing attention away or weakening defenses
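One way to spot the connection-table pressure described above, as an added example rather than code from the original page: replay connection records and count handshakes that were started but never completed. The log format, addresses, threshold and timeout are constructed assumptions.

```python
from collections import Counter

HALF_OPEN_LIMIT = 5   # alert threshold per destination (assumed value)
SYN_TIMEOUT = 30.0    # seconds before an unanswered SYN is aged out (assumed)


def find_syn_pressure(lines, limit=HALF_OPEN_LIMIT, timeout=SYN_TIMEOUT):
    """Replay 'time src dst flag' records and report each destination whose
    count of half-open connections rises above the limit."""
    half_open = {}    # (src, dst) -> time the SYN was seen
    alerts = []
    alerted = set()
    for line in lines:
        ts, src, dst, flag = line.split()
        ts = float(ts)
        # Age out stale entries the way a state table would.
        for key in [k for k, seen in half_open.items() if ts - seen > timeout]:
            del half_open[key]
        if flag == "SYN":
            half_open[(src, dst)] = ts
        elif flag in ("ACK", "RST"):
            half_open.pop((src, dst), None)   # handshake completed or aborted
        pending = Counter(d for (_, d) in half_open)
        if pending[dst] > limit and dst not in alerted:
            sources = {s.rsplit(":", 1)[0] for (s, d) in half_open if d == dst}
            alerts.append({"time": ts, "target": dst,
                           "half_open": pending[dst], "sources": len(sources)})
            alerted.add(dst)
    return alerts


# Constructed log: two completed handshakes, then SYNs that are never completed.
SAMPLE_LOG = [
    "0.0 192.0.2.10:50000 10.0.0.5:443 SYN",
    "0.1 192.0.2.10:50000 10.0.0.5:443 ACK",
    "0.2 192.0.2.11:50001 10.0.0.5:443 SYN",
    "0.3 192.0.2.11:50001 10.0.0.5:443 ACK",
] + [f"{1 + i / 10:.1f} 198.51.100.{i}:4000{i} 10.0.0.5:443 SYN"
     for i in range(1, 9)]

if __name__ == "__main__":
    for alert in find_syn_pressure(SAMPLE_LOG):
        print(alert)
```

The alert fires once per destination, at the first record that pushes the half-open count past the limit, so a monitoring gap can be tied to the moment the pressure began.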


❌ Why the Other Options Are Incorrect

❌ Phishing

  • Phishing is an access technique, not an evasion method.

  • It is used to trick users into giving away credentials or clicking malicious links.

  • While effective, phishing is about initial compromise, not bypassing detection systems.

❌ Access Attack

  • An access attack is a type of attack, not a method of evading detection.

  • It aims to gain unauthorized access to resources.

  • Techniques used in access attacks (e.g., brute force) can trigger alerts if not paired with evasion methods.

❌ Scanning

  • Scanning (e.g., port scanning or vulnerability scanning) is a reconnaissance technique.

  • It identifies potential weaknesses in a system but does not in itself hide or bypass security controls.

  • In fact, scanning is often detected and flagged by security monitoring tools.


🛡️ Other Evasion Techniques (For Context)

In addition to encryption and resource exhaustion, other well-known evasion tactics include:

| Technique | Description |
|---|---|
| Traffic Fragmentation | Breaks payload into small packets to bypass signature detection. |
| Protocol-level Misinterpretation | Abuses inconsistencies in how devices interpret protocols. |
| Rootkits | Hide malware processes or files from the OS and security tools. |
| Tunneling | Encapsulates malicious traffic inside allowed protocols (e.g., DNS tunneling). |
| Pivoting | Uses one compromised host to attack others in the network undetected. |

🔚 Conclusion

Hackers are not only concerned with gaining access to systems but also with remaining undetected. Encryption allows them to hide their tools and communications from inspection, while resource exhaustion can weaken or disable security monitoring and response systems. Both are sophisticated evasion techniques that, when used properly, can enable long-term compromise and exfiltration of sensitive data.

To defend against these threats, organizations must deploy:

  • Deep packet inspection and SSL/TLS decryption

  • Behavioral and heuristic analysis

  • Rate-limiting and traffic shaping

  • Strong endpoint monitoring and logging

  • Incident response planning


✅ Final Answers:

✔️ Encryption
✔️ Resource Exhaustion

These are powerful evasion strategies used by attackers to avoid detection while carrying out malicious actions.