Statements (51)
Predicate | Object |
---|---|
gptkbp:instanceOf | cybersecurity attack technique |
gptkbp:canBe | malware, advanced persistent threat, red team |
gptkbp:canBeBypassedBy | security controls, application whitelisting |
gptkbp:category | gptkb:Defense_Evasion, gptkb:Privilege_Escalation, Execution, Initial Access, Persistence |
gptkbp:describedBy | gptkb:MITRE_ATT&CK |
gptkbp:detects | process monitoring, file integrity monitoring, registry monitoring |
gptkbp:documentedIn | MITRE ATT&CK T1574 |
https://www.w3.org/2000/01/rdf-schema#label | Hijack Execution Flow |
gptkbp:method | Service Registry Permissions Weakness, AppInit DLLs, COR_PROFILER Hijacking, Component Object Model Hijacking, DLL Search Order Hijacking, DLL Side-Loading, Executable File Overwrite, Path Interception |
gptkbp:mitigatedBy | application control, updating software, monitoring DLL loads, restricting file and directory permissions |
gptkbp:obtainedFrom | persistence, privilege escalation, arbitrary code execution, defense evasion |
gptkbp:platform | gptkb:Windows, gptkb:macOS, gptkb:Linux |
gptkbp:relatedTo | gptkb:DLL_Injection, Code Injection, Process Doppelgänging, Process Hollowing |
gptkbp:riskFactor | high |
gptkbp:tactics | gptkb:Defense_Evasion, gptkb:Privilege_Escalation, Execution, Persistence |
gptkbp:target | application processes, operating system processes |
gptkbp:technique | T1574 |
gptkbp:usedIn | post-exploitation |
gptkbp:bfsParent | gptkb:Defense_Evasion |
gptkbp:bfsLayer | 7 |
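The Path Interception method listed under gptkbp:method, together with the "restricting file and directory permissions" mitigation, is easiest to understand from the loader's point of view: when a service's ImagePath is unquoted and contains spaces, Windows tries each space-delimited prefix as an executable before reaching the real binary, so a writable directory anywhere along that prefix chain lets a local user plant a program that the service will run as SYSTEM. The script below is an added example, not part of this page or of MITRE's own material; it enumerates those intercept candidates and flags the ones whose parent directory is writable. The service names, ImagePath values and writable directories are constructed sample data; on a real host you would collect them with `Get-CimInstance Win32_Service` (PathName) and `icacls`.

```python
"""Find unquoted service paths that a low-privileged user could intercept.

Added example for ATT&CK T1574 (Hijack Execution Flow, Path Interception).
All input below is constructed; nothing is read from a live registry.
"""
import ntpath
import re

# Constructed sample ImagePath values, in the form found under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath. Not real services.
SAMPLE_SERVICES = {
    "GoodSvc": r'"C:\Program Files\Good Vendor\good.exe" -service',      # quoted: safe
    "PlainSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",           # no spaces: safe
    "WeakSvc": r"C:\Program Files\Vendor App\Update Agent\agent.exe /run",  # unquoted
}

# Constructed: directories a standard user can write to (assumed misconfiguration;
# on a real host derive this from icacls / Get-Acl output).
SAMPLE_WRITABLE_DIRS = {r"C:\Program Files\Vendor App", r"C:\Users\Public"}

# Everything up to the first ".exe" that ends a token is treated as the program path;
# anything after it is arguments.
_EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def intercept_candidates(image_path: str) -> list[str]:
    """Return the bogus executables the loader would try before the real one.

    For C:\\Program Files\\Vendor App\\agent.exe the order is
    C:\\Program.exe, then C:\\Program Files\\Vendor.exe, then the real path.
    A quoted path or a path without spaces yields no candidates.
    """
    p = image_path.strip()
    if not p or p[0] == '"':
        return []
    m = _EXE_RE.match(p)
    if not m:
        return []
    words = m.group(1).split(" ")
    # Each space inside the path produces one prefix the loader tries first.
    return [" ".join(words[:i]) + ".exe" for i in range(1, len(words))]


def _norm_dir(path: str) -> str:
    """Case-folded parent directory without a trailing backslash, for set lookups."""
    return ntpath.normcase(ntpath.dirname(path)).rstrip("\\")


def exploitable_interceptions(services: dict, writable_dirs: set) -> dict:
    """Map service name -> candidate paths whose parent directory is writable.

    Only these candidates are exploitable: an unquoted path whose prefix
    directories are all admin-owned is a finding for hygiene, not a privilege
    escalation route.
    """
    writable = {ntpath.normcase(d).rstrip("\\") for d in writable_dirs}
    findings = {}
    for name, image_path in services.items():
        hits = [c for c in intercept_candidates(image_path) if _norm_dir(c) in writable]
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for svc, paths in exploitable_interceptions(SAMPLE_SERVICES, SAMPLE_WRITABLE_DIRS).items():
        for path in paths:
            print(f"{svc}: a user-writable directory allows planting {path}")
```

The same prefix logic applies to any unquoted path the system executes with elevated rights (scheduled tasks, Run keys), which is why the mitigation row pairs permission restriction with application control: quoting the path removes the ambiguity, and locking down the directories removes the attacker's write.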