Process Injection

GPTKB entity

Statements (50)
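| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | Cybersecurity Technique |
| gptkbp:API | SetWindowsHookEx |
| gptkbp:API | CreateRemoteThread |
| gptkbp:API | NtCreateThreadEx |
| gptkbp:API | QueueUserAPC |
| gptkbp:API | VirtualAllocEx |
| gptkbp:API | WriteProcessMemory |
| gptkbp:canBeBypassedBy | Security Controls |
| gptkbp:category | gptkb:Defense_Evasion |
| gptkbp:category | gptkb:Privilege_Escalation |
| gptkbp:category | Execution |
| gptkbp:describedBy | gptkb:MITRE_ATT&CK |
| gptkbp:detects | gptkb:Endpoint_Detection_and_Response |
| gptkbp:detects | Behavioral Analysis |
| gptkbp:enables | Code Execution in Remote Process |
| gptkbp:example | gptkb:DLL_Injection |
| gptkbp:example | APC Injection |
| gptkbp:example | AtomBombing |
| gptkbp:example | Portable Executable Injection |
| gptkbp:example | Process Hollowing |
| gptkbp:example | Reflective DLL Injection |
| gptkbp:example | Shellcode Injection |
| gptkbp:example | Thread Execution Hijacking |
| gptkbp:firstDocumented | 1990s |
| gptkbp:hasTechniqueID | T1055 |
| https://www.w3.org/2000/01/rdf-schema#label | Process Injection |
| gptkbp:mitigatedBy | Code Signing |
| gptkbp:mitigatedBy | Endpoint Security Solutions |
| gptkbp:mitigatedBy | Application Whitelisting |
| gptkbp:mitigatedBy | Behavioral Monitoring |
| gptkbp:mitigatedBy | Memory Protection |
| gptkbp:purpose | Evade Detection |
| gptkbp:purpose | Escalate Privileges |
| gptkbp:purpose | Execute Malicious Code |
| gptkbp:purpose | Maintain Persistence |
| gptkbp:purpose | Steal Information |
| gptkbp:relatedTo | Remote Access Trojan |
| gptkbp:relatedTo | Rootkit |
| gptkbp:relatedTo | Credential Dumping |
| gptkbp:target | gptkb:macOS |
| gptkbp:target | gptkb:Windows_Operating_System |
| gptkbp:target | Linux Operating System |
| gptkbp:usedBy | gptkb:Advanced_Persistent_Threats |
| gptkbp:usedBy | gptkb:Penetration_Testers |
| gptkbp:usedBy | malware |
| gptkbp:usedBy | Banking Trojans |
| gptkbp:usedIn | malware |
| gptkbp:usedIn | Penetration Testing |
| gptkbp:bfsParent | gptkb:Defense_Evasion |
| gptkbp:bfsLayer | 7 |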