Statements (51)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:cybersecurity_attack_technique |
| gptkbp:canBe | gptkb:advanced_persistent_threat; gptkb:malware; red team |
| gptkbp:canBeBypassedBy | security controls; application whitelisting |
| gptkbp:category | gptkb:Defense_Evasion; gptkb:Privilege_Escalation; Execution; Initial Access; Persistence |
| gptkbp:describedBy | gptkb:MITRE_ATT&CK |
| gptkbp:detects | process monitoring; file integrity monitoring; registry monitoring |
| gptkbp:documentedIn | MITRE ATT&CK T1574 |
| gptkbp:method | Service Registry Permissions Weakness; AppInit DLLs; COR_PROFILER Hijacking; Component Object Model Hijacking; DLL Search Order Hijacking; DLL Side-Loading; Executable File Overwrite; Path Interception |
| gptkbp:mitigatedBy | application control; updating software; monitoring DLL loads; restricting file and directory permissions |
| gptkbp:obtainedFrom | persistence; privilege escalation; arbitrary code execution; defense evasion |
| gptkbp:platform | gptkb:Windows; gptkb:macOS; gptkb:Linux |
| gptkbp:relatedTo | gptkb:DLL_Injection; Code Injection; Process Doppelgänging; Process Hollowing |
| gptkbp:riskFactor | high |
| gptkbp:tactics | gptkb:Defense_Evasion; gptkb:Privilege_Escalation; Execution; Persistence |
| gptkbp:target | application processes; operating system processes |
| gptkbp:technique | T1574 |
| gptkbp:usedIn | post-exploitation |
| gptkbp:bfsParent | gptkb:Defense_Evasion |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Hijack Execution Flow |

Notes on mapping these statements to MITRE ATT&CK: ATT&CK lists T1574 under three tactics only (Persistence, Privilege Escalation, Defense Evasion), so the Execution and Initial Access entries in the category and tactics rows are not ATT&CK tactics for this technique. In the method row, AppInit DLLs and Component Object Model Hijacking are sub-techniques of Event Triggered Execution (T1546.010 and T1546.015) rather than of T1574, and COR_PROFILER is T1574.012; in the relatedTo row, Process Hollowing and Process Doppelgänging are sub-techniques of Process Injection (T1055.012 and T1055.013). The canBeBypassedBy row reads inverted: the technique is what bypasses application whitelisting, by getting attacker code loaded into an already-allowed, typically signed, process. The detects row likewise lists the monitoring that detects the technique (process, file integrity and registry monitoring), not things the technique detects.
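The method and mitigatedBy rows above come down to one precondition: a path the system resolves or executes at high privilege that a low-privilege user can write to. The following PowerShell is an added audit example for this page, not part of the gptkb statements or of MITRE ATT&CK; it checks three of those preconditions on the local Windows host (unquoted service paths, low-privilege-writable PATH directories, low-privilege-writable service registry keys) and makes no changes. The function names, the chosen list of low-privilege SIDs and the rights masks are this example's own assumptions; it is meant to run as an ordinary user under Windows PowerShell 5.1 or PowerShell 7 on Windows.

```powershell
# Added example (not from the gptkb page or MITRE ATT&CK): read-only audit of
# three Hijack Execution Flow (T1574) preconditions on the local Windows host.
# Function names, SID list and masks are this example's assumptions.

# Principals every interactive or domain user is a member of.
$LowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)
# Some ACEs carry generic rights instead of specific ones; treat both as write.
$GenericWriteOrAll = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL

function Get-AceSid {
    # Resolve an ACE's account to a SID string; orphaned accounts yield $null.
    param($Ace)
    try { $Ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $null }
}

function Find-UnquotedServicePath {
    # T1574.009: an unquoted ImagePath with a space before ".exe" makes the
    # service control manager try C:\Program.exe, C:\Program Files\Vendor.exe,
    # ... before the intended binary.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and $_.PathName -notmatch '^"' -and $_.PathName -match '^[^"]*?\s[^"]*?\.exe' } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'UnquotedServicePath'; Name = $_.Name; Detail = $_.PathName }
        }
}

function Find-WritablePathDirectory {
    # T1574.007: a PATH directory where low-privilege users can create files lets
    # them plant a same-named binary or DLL that resolves before the real one.
    $writeMask = 0x2 -bor $GenericWriteOrAll   # FILE_WRITE_DATA / CreateFiles
    foreach ($dir in ($env:PATH -split ';' | Where-Object { $_ } | Select-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        try { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop } catch { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($LowPrivSids -notcontains (Get-AceSid $ace)) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
                [pscustomobject]@{
                    Check  = 'WritablePathDirectory'
                    Name   = $dir
                    Detail = "$($ace.IdentityReference): $($ace.FileSystemRights)"
                }
            }
        }
    }
}

function Find-WritableServiceKey {
    # T1574.011: a service key whose ImagePath a low-privilege user can rewrite
    # redirects the (often SYSTEM) service to an attacker binary on next start.
    $setValue = [int][System.Security.AccessControl.RegistryRights]::SetValue -bor $GenericWriteOrAll
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_
            try { $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop } catch { return }
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($LowPrivSids -notcontains (Get-AceSid $ace)) { continue }
                if (([int]$ace.RegistryRights -band $setValue) -ne 0) {
                    [pscustomobject]@{
                        Check  = 'WritableServiceKey'
                        Name   = $key.PSChildName
                        Detail = "$($ace.IdentityReference): $($ace.RegistryRights)"
                    }
                }
            }
        }
}

# Collect and report. An empty result means none of the three weaknesses is present.
$findings = @(Find-UnquotedServicePath) + @(Find-WritablePathDirectory) + @(Find-WritableServiceKey)
if ($findings.Count -eq 0) { 'No unquoted service paths, writable PATH directories or writable service keys found.' }
else { $findings | Format-Table -AutoSize }
```

Each finding maps straight to the mitigatedBy row: quote the service path, or remove the write/SetValue grant for the low-privilege principal. The same writable-directory test applied to an application's own install directory covers DLL Search Order Hijacking and DLL Side-Loading, which this example does not enumerate.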