Defense Evasion — Techniques Used to Avoid Detection and Security Controls
Defense Evasion refers to the techniques attackers use to avoid detection, bypass security controls, and stay hidden within a compromised environment. This SECMONS glossary entry explains how defense evasion works, which techniques are common, and how defenders can detect and counter them.
Mark of the Web (MOTW) — How Windows Identifies Internet-Downloaded Files
Mark of the Web (MOTW) is a Windows security mechanism that tags files downloaded from the internet to enforce additional protections such as warnings and restricted execution. This SECMONS glossary entry explains how MOTW works, why it matters in real-world exploitation, and how bypasses increase risk.
Multi-Factor Authentication (MFA) — Adding Layers to Account Security
Multi-Factor Authentication (MFA) is a security control that requires users to provide two or more verification factors to gain access to an account or system. This SECMONS glossary entry explains how MFA works, its role in preventing credential-based attacks, and common bypass techniques attackers attempt.
Security Feature Bypass (CWE-693) — When Protection Mechanisms Fail
Security Feature Bypass, commonly mapped to CWE-693 (Protection Mechanism Failure), refers to vulnerabilities that allow attackers to circumvent built-in security controls such as warnings, sandboxing, or policy enforcement. This SECMONS glossary entry explains how these weaknesses occur, why they are dangerous, and how defenders should interpret them in real-world risk scenarios.