Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Cybersecurity_Technique |
| gptkbp:API | SetWindowsHookEx, CreateRemoteThread, NtCreateThreadEx, QueueUserAPC, VirtualAllocEx, WriteProcessMemory |
| gptkbp:canBeBypassedBy | Security Controls |
| gptkbp:category | gptkb:Defense_Evasion, gptkb:Privilege_Escalation, Execution |
| gptkbp:describedBy | gptkb:MITRE_ATT&CK |
| gptkbp:detects | gptkb:Endpoint_Detection_and_Response, Behavioral Analysis |
| gptkbp:enables | Code Execution in Remote Process |
| gptkbp:example | gptkb:DLL_Injection, APC Injection, AtomBombing, Portable Executable Injection, Process Hollowing, Reflective DLL Injection, Shellcode Injection, Thread Execution Hijacking |
| gptkbp:firstDocumented | 1990s |
| gptkbp:hasTechniqueID | T1055 |
| gptkbp:mitigatedBy | Code Signing, Endpoint Security Solutions, Application Whitelisting, Behavioral Monitoring, Memory Protection |
| gptkbp:purpose | Evade Detection, Escalate Privileges, Execute Malicious Code, Maintain Persistence, Steal Information |
| gptkbp:relatedTo | gptkb:Remote_Access_Trojan, Rootkit, Credential Dumping |
| gptkbp:target | gptkb:macOS, gptkb:Windows_Operating_System, Linux Operating System |
| gptkbp:usedBy | gptkb:Advanced_Persistent_Threats, gptkb:Penetration_Testers, gptkb:malware, Banking Trojans |
| gptkbp:usedIn | gptkb:malware, Penetration Testing |
| gptkbp:bfsParent | gptkb:Defense_Evasion |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Process Injection |