Statements (32)
Predicate | Object |
---|---|
gptkbp:instanceOf | Cybersecurity attack technique |
gptkbp:describes | Technique of running code within the address space of another process by forcing it to load a dynamic-link library (DLL). |
gptkbp:detects | Can be detected by monitoring process memory and loaded modules |
gptkbp:field | Software engineering; Computer security |
gptkbp:firstDocumented | 1990s |
https://www.w3.org/2000/01/rdf-schema#label | DLL Injection |
gptkbp:method | AppInit_DLLs registry key; Manual mapping; Reflective DLL injection; Remote thread creation; SetWindowsHookEx API |
gptkbp:platform | gptkb:Microsoft_Windows |
gptkbp:prevention | Enabling Address Space Layout Randomization (ASLR); Enabling Data Execution Prevention (DEP); Restricting user privileges; Use of code signing |
gptkbp:purpose | To execute arbitrary code in the context of another process |
gptkbp:relatedTo | API hooking; Code injection; Process hollowing |
gptkbp:riskFactor | Can be used to bypass security controls; Can be used to escalate privileges; Can be used to steal sensitive information |
gptkbp:target | Antivirus evasion; Banking trojans; Game cheating; Password stealing malware |
gptkbp:usedIn | Penetration testing; Malware development |
gptkbp:bfsParent | gptkb:Privilege_Escalation |
gptkbp:bfsLayer | 6 |