Adversaries may interact with the native OS application programming interface (API) to execute behaviors.
Contains ability to retrieve the fully qualified path of a module (API string)
Contains ability to modify process thread functionality (API string)
Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads.
Adversaries may create or modify system-level processes to repeatedly execute malicious payloads as part of persistence.
Contains ability to retrieve the contents of the STARTUPINFO structure (API string)
Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence.
Contains ability to create a service (API string)
Adversaries may duplicate and then impersonate another user's token to escalate privileges and bypass access controls.
Contains ability to obtain specified information about the security of a file or directory (API string)
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses.
Contains ability to install a hook procedure (API string)
Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments.