![]() Scans for the windows taskbar (may be used for explorer injection)įound a string that may be used as part of an injection method Process injection is a method of executing arbitrary code in the address space of a separate live process. Opens the Kernel Security Device Driver (KsecDD) of Windows ![]() Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand. Installs hooks/patches the running process Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. Windows Management Instrumentation (WMI) is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components.Įxecutes WMI queries known to be used for VM detection Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager.Ĭontains ability to open/control a service
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |