Statements (50)
Predicate | Object |
---|---|
gptkbp:instanceOf | Cybersecurity Technique |
gptkbp:API | SetWindowsHookEx, CreateRemoteThread, NtCreateThreadEx, QueueUserAPC, VirtualAllocEx, WriteProcessMemory |
gptkbp:canBeBypassedBy | Security Controls |
gptkbp:category | gptkb:Defense_Evasion, gptkb:Privilege_Escalation, Execution |
gptkbp:describedBy | gptkb:MITRE_ATT&CK |
gptkbp:detects | gptkb:Endpoint_Detection_and_Response, Behavioral Analysis |
gptkbp:enables | Code Execution in Remote Process |
gptkbp:example | gptkb:DLL_Injection, APC Injection, AtomBombing, Portable Executable Injection, Process Hollowing, Reflective DLL Injection, Shellcode Injection, Thread Execution Hijacking |
gptkbp:firstDocumented | 1990s |
gptkbp:hasTechniqueID | T1055 |
https://www.w3.org/2000/01/rdf-schema#label | Process Injection |
gptkbp:mitigatedBy | Code Signing, Endpoint Security Solutions, Application Whitelisting, Behavioral Monitoring, Memory Protection |
gptkbp:purpose | Evade Detection, Escalate Privileges, Execute Malicious Code, Maintain Persistence, Steal Information |
gptkbp:relatedTo | Remote Access Trojan, Rootkit, Credential Dumping |
gptkbp:target | gptkb:macOS, gptkb:Windows_Operating_System, Linux Operating System |
gptkbp:usedBy | gptkb:Advanced_Persistent_Threats, gptkb:Penetration_Testers, malware, Banking Trojans |
gptkbp:usedIn | malware, Penetration Testing |
gptkbp:bfsParent | gptkb:Defense_Evasion |
gptkbp:bfsLayer | 7 |