Hunting and Defeating Evasive Threats
ID: 06bcd374-683e-5e49-afb3-4cc48597fbf4
STIX ID: report--06bcd374-683e-5e49-afb3-4cc48597fbf4
Feed Name: Binary Defense Blog
This report reviews prevalent attacker evasion techniques (crypting and so-called FUD packing to bypass antivirus; macro-delivered loaders that launch trusted processes to blend in; DNS tunneling for stealthy C2 and exfiltration; and internal proxying of RDP to hide lateral movement) and provides practical detection guidance for threat hunters: detailed process and command-line logging, DNS query logging, and Windows event monitoring, aimed at improving detection and response.
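Two of the hunts the summary points at, process/command-line logging for macro loaders and DNS query logging for tunneling, as an added example that is not code from the Binary Defense report. It runs over constructed process-creation events (field names in the style of Sysmon Event ID 1) and constructed DNS query lines; the log format, the parent-domain approximation (last two labels, no public-suffix lookup), the thresholds and every sample value are assumptions for illustration.

```python
"""Added example (not code from the Binary Defense report): two hunt checks
over constructed log data.  (1) Office parent -> scripting/LOLBin child, the
macro-loader pattern, from process-creation events with Sysmon Event ID 1
style field names.  (2) DNS-tunneling indicators (many distinct, long,
high-entropy subdomains under one parent domain) from DNS query logs.
Field names, log-line format, thresholds and all sample events are assumptions."""
import math
from collections import Counter, defaultdict

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Command-line fragments worth surfacing alongside a hit (matched case-insensitively).
CMDLINE_INDICATORS = ("-enc", "-w hidden", "-windowstyle hidden",
                      "downloadstring", "frombase64string")

# Constructed process-creation events (Sysmon Event ID 1 style field names).
PROCESS_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -w hidden -enc SQBFAFgA"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",  # print spooler helper: benign child
     "CommandLine": "splwow64.exe 12288"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Public\upd.dll,Start"},
]

# Constructed DNS query log lines: "<timestamp> <client> <qtype> <qname>".
DNS_LINES = [
    "2024-05-01T10:00:01Z 10.0.0.15 A www.corp.example",
    "2024-05-01T10:00:02Z 10.0.0.15 A mail.corp.example",
    "2024-05-01T10:00:03Z 10.0.0.22 A intranet.corp.example",
    "2024-05-01T10:00:04Z 10.0.0.22 A vpn.corp.example",
    "2024-05-01T10:00:05Z 10.0.0.15 A sharepoint.corp.example",
    "2024-05-01T10:00:06Z 10.0.0.15 A www.example.org",
    # Tunnel traffic: each leading label is 32 hex characters of encoded data.
    "2024-05-01T10:01:00Z 10.0.0.31 TXT 0123456789abcdef0123456789abcdef.c2tunnel.example",
    "2024-05-01T10:01:01Z 10.0.0.31 TXT fedcba9876543210fedcba9876543210.c2tunnel.example",
    "2024-05-01T10:01:02Z 10.0.0.31 TXT 02468ace13579bdf02468ace13579bdf.c2tunnel.example",
    "2024-05-01T10:01:03Z 10.0.0.31 TXT a0b1c2d3e4f5069718293a4b5c6d7e8f.c2tunnel.example",
    "2024-05-01T10:01:04Z 10.0.0.31 TXT 13579bdf02468ace13579bdf02468ace.c2tunnel.example",
    "2024-05-01T10:01:05Z 10.0.0.31 TXT ffeeddccbbaa99887766554433221100.c2tunnel.example",
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def cmdline_indicators(cmdline):
    """Indicator fragments present in a command line, in CMDLINE_INDICATORS order."""
    low = cmdline.lower()
    return [k for k in CMDLINE_INDICATORS if k in low]


def office_spawn_hits(events):
    """One dict per Office-parent -> suspicious-child process creation."""
    hits = []
    for e in events:
        parent, child = basename(e["ParentImage"]), basename(e["Image"])
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            hits.append({"parent": parent, "child": child,
                         "cmdline": e["CommandLine"],
                         "indicators": cmdline_indicators(e["CommandLine"])})
    return hits


def shannon_entropy(s):
    """Bits per character; 16 distinct, equally frequent symbols give 4.0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def parse_dns_line(line):
    ts, client, qtype, qname = line.split()
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.rstrip(".").lower()}


def parent_domain(qname):
    """Registrable domain approximated as the last two labels (no PSL lookup)."""
    return ".".join(qname.split(".")[-2:])


def dns_tunnel_hits(lines, min_queries=5, min_sub_len=30, min_entropy=3.5):
    """Flag parent domains whose subdomains look like encoded payloads: enough
    distinct queries, long subdomain strings and high character entropy."""
    by_parent = defaultdict(list)
    for rec in map(parse_dns_line, lines):
        by_parent[parent_domain(rec["qname"])].append(rec)
    hits = {}
    for parent, recs in by_parent.items():
        subs = [r["qname"][: -len(parent) - 1] for r in recs if r["qname"] != parent]
        if len(subs) < min_queries:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if avg_len >= min_sub_len and avg_ent >= min_entropy and len(set(subs)) >= min_queries:
            hits[parent] = {
                "queries": len(recs),
                "unique_subdomains": len(set(subs)),
                "avg_subdomain_len": round(avg_len, 1),
                "avg_entropy": round(avg_ent, 2),
                "txt_null_share": round(sum(r["qtype"] in ("TXT", "NULL") for r in recs) / len(recs), 2),
                "clients": sorted({r["client"] for r in recs}),
            }
    return hits


if __name__ == "__main__":
    for h in office_spawn_hits(PROCESS_EVENTS):
        print("OFFICE SPAWN:", h["parent"], "->", h["child"], h["indicators"])
    for parent, stats in dns_tunnel_hits(DNS_LINES).items():
        print("DNS TUNNEL CANDIDATE:", parent, stats)
```

The process check is deliberately a parent/child allow-list rather than a command-line regex, because a crypted or renamed payload changes its command line but still has to be launched by the Office process that ran the macro; the command-line indicators are surfaced only as context. The DNS check aggregates per parent domain instead of scoring single queries, since one long query is noise while dozens of distinct high-entropy labels under a domain nobody else resolves is the tunnel signature; in production, replace the last-two-labels approximation with a public-suffix list and baseline CDN and telemetry domains that legitimately produce long labels.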
