Dynamic instrumentation (Dynamic Binary Instrumentation, DBI) is a powerful technique
used by both security researchers and attackers. Tools
such as Frida, Dobby, Objection and LIEF, among others, allow scripts to be injected into the application's process
in real time to intercept function calls, modify return values and bypass security logic without modifying the binary on disk.
Technical Mechanism: MAD uses advanced behavioral and
signature-based detection techniques:
• Anti-Hooking: Checks the integrity of critical functions' prologues in memory
(detecting trampolines or control-flow detours inserted by hooks).
• Memory and Process Scanning: Searches for known injected libraries,
suspicious threads and open communication ports.
• Permission Detection: Monitors attempts to access protected memory
areas.
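
The kind of prologue integrity check the Anti-Hooking item describes, as an added illustration that is not MAD's own code. It assumes x86-64 and a trusted reference copy of each prologue (for example, taken from the on-disk binary); the sample bytes are constructed and all names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict names are hypothetical, chosen for this example. */
enum hook_verdict { PROLOGUE_OK = 0, PROLOGUE_MODIFIED = 1, PROLOGUE_DETOUR = 2 };

/* Constructed x86-64 samples: push rbp; mov rbp,rsp; sub rsp,0x20; mov [rbp-0x18],rdi */
static const uint8_t SAMPLE_REF[12] =
    {0x55,0x48,0x89,0xE5,0x48,0x83,0xEC,0x20,0x48,0x89,0x7D,0xE8};
/* First 5 bytes overwritten by jmp rel32, remainder untouched. */
static const uint8_t SAMPLE_REL_JMP[12] =
    {0xE9,0x10,0x20,0x30,0x00,0x83,0xEC,0x20,0x48,0x89,0x7D,0xE8};
/* mov rax, imm64; jmp rax (absolute detour, 12 bytes). */
static const uint8_t SAMPLE_ABS_JMP[12] =
    {0x48,0xB8,0x00,0x10,0x00,0x00,0x00,0x70,0x00,0x00,0xFF,0xE0};
/* First byte replaced by int3 (software breakpoint), not a jump. */
static const uint8_t SAMPLE_INT3[12] =
    {0xCC,0x48,0x89,0xE5,0x48,0x83,0xEC,0x20,0x48,0x89,0x7D,0xE8};

/* Recognise common x86-64 detour encodings in the first bytes of a function. */
static int looks_like_detour(const uint8_t *p, size_t n)
{
    if (n >= 5 && p[0] == 0xE9) return 1;                  /* jmp rel32 */
    if (n >= 6 && p[0] == 0xFF && p[1] == 0x25) return 1;  /* jmp [rip+disp32] */
    if (n >= 12 && p[0] == 0x48 && p[1] == 0xB8 &&
        p[10] == 0xFF && p[11] == 0xE0) return 1;          /* mov rax,imm64; jmp rax */
    return 0;
}

/* Compare first, so a function that legitimately starts with a jump
   (a thunk) is not flagged as long as it still matches its reference. */
enum hook_verdict check_prologue(const uint8_t *mem, const uint8_t *ref, size_t n)
{
    if (memcmp(mem, ref, n) == 0) return PROLOGUE_OK;
    return looks_like_detour(mem, n) ? PROLOGUE_DETOUR : PROLOGUE_MODIFIED;
}

int main(void)
{
    printf("clean=%d rel=%d abs=%d int3=%d\n",
           check_prologue(SAMPLE_REF, SAMPLE_REF, 12),
           check_prologue(SAMPLE_REL_JMP, SAMPLE_REF, 12),
           check_prologue(SAMPLE_ABS_JMP, SAMPLE_REF, 12),
           check_prologue(SAMPLE_INT3, SAMPLE_REF, 12));
    return 0;
}
```

In a running process, `mem` would point at the live function and the check would be repeated periodically, since a hook can be installed after startup.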