Statements (32)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Cybersecurity_attack_technique |
| gptkbp:describes | Technique of running code within the address space of another process by forcing it to load a dynamic-link library (DLL). |
| gptkbp:detects | Can be detected by monitoring process memory and loaded modules |
| gptkbp:field | Software engineering; Computer security |
| gptkbp:firstDocumented | 1990s |
| gptkbp:method | AppInit_DLLs registry key; Manual mapping; Reflective DLL injection; Remote thread creation; SetWindowsHookEx API |
| gptkbp:platform | gptkb:Microsoft_Windows |
| gptkbp:prevention | Enabling Address Space Layout Randomization (ASLR); Enabling Data Execution Prevention (DEP); Restricting user privileges; Use of code signing |
| gptkbp:purpose | To execute arbitrary code in the context of another process |
| gptkbp:relatedTo | API hooking; Code injection; Process hollowing |
| gptkbp:riskFactor | Can be used to bypass security controls; Can be used to escalate privileges; Can be used to steal sensitive information |
| gptkbp:target | Antivirus evasion; Banking trojans; Game cheating; Password stealing malware |
| gptkbp:usedIn | Penetration testing; Malware development |
| gptkbp:bfsParent | gptkb:Privilege_Escalation |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | DLL Injection |