GET

Featured Api Instance

GET /api/featured_api/1/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "https://unprotect.it/api/featured_api/1/?format=api",
    "library": {
        "id": 1,
        "name": "Kernel32.dll",
        "description": ""
    },
    "name": "CreateRemoteThread",
    "ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createremotethread?WT.mc_id=SEC-MVP-5005282",
    "from_msdn": true,
    "caution_level": "high",
    "description": "CreateRemoteThread is a Windows API function that allows a program to create a new thread in the address space of another process. This can be used for a variety of purposes, both legitimate and malicious.\r\n\r\nBad actors may use CreateRemoteThread to inject malicious code into a legitimate process, allowing them to evade detection and persist on a system. For example, a malware that uses CreateRemoteThread to inject itself into a system process such as explorer.exe or svchost.exe would be able to run with the same permissions as the host process, making it more difficult to detect and remove.\r\n\r\nAnother example is a attackers can use CreateRemoteThread to inject a DLL into a running process which will execute the malicious code inside the process with the same privilege level as the process itself, which can be used to perform various malicious activities such as keylogging, privilege escalation, or downloading additional malware.\r\n\r\nIt is important to note that CreateRemoteThread can be used for legitimate purposes as well, such as for debugging or for inter-process communication. However, it can also be abused by attackers to compromise a system.",
    "featured_in": [
        {
            "id": 93,
            "name": "DLL Injection via CreateRemoteThread and LoadLibrary",
            "url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
        },
        {
            "id": 118,
            "name": "PE Injection",
            "url": "https://unprotect.it/technique/pe-injection/"
        },
        {
            "id": 167,
            "name": "File Melt",
            "url": "https://unprotect.it/technique/file-melt/"
        },
        {
            "id": 178,
            "name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
            "url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
        },
        {
            "id": 208,
            "name": "NLS Code Injection Through Registry",
            "url": "https://unprotect.it/technique/nls-code-injection-through-registry/"
        }
    ]
}