Hijack Execution Flow

GPTKB entity

Statements (51)
Predicate Object
gptkbp:instanceOf cybersecurity attack technique
gptkbp:canBe malware
    advanced persistent threat
    red team
gptkbp:canBeBypassedBy security controls
    application whitelisting
gptkbp:category gptkb:Defense_Evasion
    gptkb:Privilege_Escalation
    Execution
    Initial Access
    Persistence
gptkbp:describedBy gptkb:MITRE_ATT&CK
gptkbp:detects process monitoring
    file integrity monitoring
    registry monitoring
gptkbp:documentedIn MITRE ATT&CK T1574
https://www.w3.org/2000/01/rdf-schema#label Hijack Execution Flow
gptkbp:method Service Registry Permissions Weakness
    AppInit DLLs
    COR_PROFILER Hijacking
    Component Object Model Hijacking
    DLL Search Order Hijacking
    DLL Side-Loading
    Executable File Overwrite
    Path Interception
gptkbp:mitigatedBy application control
    updating software
    monitoring DLL loads
    restricting file and directory permissions
gptkbp:obtainedFrom persistence
    privilege escalation
    arbitrary code execution
    defense evasion
gptkbp:platform gptkb:Windows
    gptkb:macOS
    gptkb:Linux
gptkbp:relatedTo gptkb:DLL_Injection
    Code Injection
    Process Doppelgänging
    Process Hollowing
gptkbp:riskFactor high
gptkbp:tactics gptkb:Defense_Evasion
    gptkb:Privilege_Escalation
    Execution
    Persistence
gptkbp:target application processes
    operating system processes
gptkbp:technique T1574
gptkbp:usedIn post-exploitation
gptkbp:bfsParent gptkb:Defense_Evasion
gptkbp:bfsLayer 7