Since the Release XI of Aether, the technique of exploitation that has been detected is shown within the activity of exploits, along with the program that has been compromised.
In the following table you will find the different techniques monitored, as well as a brief description of these:
Name of Technique
Description of Technique
Metaploit shellcode signature detection
Reflective executable loading (metasploit, cobalt strike, etc)
Remote code injection via APCs
Execution of code in pages without execution permissions (32 bits only)
Hook bypass in running functions
Code execution on MEM_PRIVATE pages that do not correspond to a PE
Execution of memory management APIs when the stack is out of the thread's limits
GodMode technique in Internet Explorer
Process hollowing techniques / RunPE
Powershell - Reflective executable loading (mimikatz, etc)
Powershell - Reflective executable loading (mimikatz, etc))
NET reflective load (Assembly.Load)
Covenant detection framework
lsass Process Memory Dump
Local code execution via APC
Additionally, the possibility of excluding the detection of a technique for a specific program has been added. In this way, in the event that the client wants to allow, for whatever reason, an exception for a specific process or program, it can be done, and continue to protect the rest of the processes against this attempt at exploitation.
To do this, in the detection of the exploit, within the tooltip accessible from Action, there is the option Do not detect again.