HTTP 200 OK
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"count": 628,
"next": "https://unprotect.it/api/featured_api/?format=api&page=2",
"previous": null,
"results": [
{
"url": "https://unprotect.it/api/featured_api/1/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CreateRemoteThread",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createremotethread?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "high",
"description": "CreateRemoteThread is a Windows API function that allows a program to create a new thread in the address space of another process. This can be used for a variety of purposes, both legitimate and malicious.\r\n\r\nBad actors may use CreateRemoteThread to inject malicious code into a legitimate process, allowing them to evade detection and persist on a system. For example, a malware that uses CreateRemoteThread to inject itself into a system process such as explorer.exe or svchost.exe would be able to run with the same permissions as the host process, making it more difficult to detect and remove.\r\n\r\nAnother example is a attackers can use CreateRemoteThread to inject a DLL into a running process which will execute the malicious code inside the process with the same privilege level as the process itself, which can be used to perform various malicious activities such as keylogging, privilege escalation, or downloading additional malware.\r\n\r\nIt is important to note that CreateRemoteThread can be used for legitimate purposes as well, such as for debugging or for inter-process communication. However, it can also be abused by attackers to compromise a system.",
"featured_in": [
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 118,
"name": "PE Injection",
"url": "https://unprotect.it/technique/pe-injection/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
},
{
"id": 208,
"name": "NLS Code Injection Through Registry",
"url": "https://unprotect.it/technique/nls-code-injection-through-registry/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/2/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CreateThread",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createthread?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 55,
"name": "NtSetInformationThread",
"url": "https://unprotect.it/technique/ntsetinformationthread/"
},
{
"id": 75,
"name": "API Obfuscation",
"url": "https://unprotect.it/technique/api-obfuscation/"
},
{
"id": 119,
"name": "Process Doppelgänging",
"url": "https://unprotect.it/technique/process-doppelganging/"
},
{
"id": 161,
"name": "DNS API Injection",
"url": "https://unprotect.it/technique/dns-api-injection/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 170,
"name": "Process Herpaderping",
"url": "https://unprotect.it/technique/process-herpaderping/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
},
{
"id": 181,
"name": "Shellcode Injection via CreateThreadpoolWait",
"url": "https://unprotect.it/technique/shellcode-injection-via-createthreadpoolwait/"
},
{
"id": 220,
"name": "Hijack Execution Flow: DLL Search Order Hijacking",
"url": "https://unprotect.it/technique/hijack-execution-flow-dll-search-order-hijacking/"
},
{
"id": 359,
"name": "FuncIn",
"url": "https://unprotect.it/technique/funcin/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/3/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "VirtualAlloc",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 56,
"name": "NtQueryObject",
"url": "https://unprotect.it/technique/ntqueryobject/"
},
{
"id": 88,
"name": "Process Hollowing, RunPE",
"url": "https://unprotect.it/technique/process-hollowing-runpe/"
},
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 108,
"name": "Guard Pages",
"url": "https://unprotect.it/technique/guard-pages/"
},
{
"id": 110,
"name": "Reflective DLL injection",
"url": "https://unprotect.it/technique/reflective-dll-injection/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 115,
"name": "Extra Window Memory Injection",
"url": "https://unprotect.it/technique/extra-window-memory-injection/"
},
{
"id": 118,
"name": "PE Injection",
"url": "https://unprotect.it/technique/pe-injection/"
},
{
"id": 125,
"name": "NOP Sled",
"url": "https://unprotect.it/technique/nop-sled/"
},
{
"id": 153,
"name": "ConsoleWindowClass",
"url": "https://unprotect.it/technique/consolewindowclass/"
},
{
"id": 154,
"name": "Treepoline",
"url": "https://unprotect.it/technique/treepoline/"
},
{
"id": 155,
"name": "Listplanting",
"url": "https://unprotect.it/technique/listplanting/"
},
{
"id": 156,
"name": "OLEUM",
"url": "https://unprotect.it/technique/oleum/"
},
{
"id": 157,
"name": "EditWordBreakProc",
"url": "https://unprotect.it/technique/editwordbreakproc/"
},
{
"id": 158,
"name": "WordWarping",
"url": "https://unprotect.it/technique/wordwarping/"
},
{
"id": 160,
"name": "CLIPBRDWNDCLASS",
"url": "https://unprotect.it/technique/clipbrdwndclass/"
},
{
"id": 161,
"name": "DNS API Injection",
"url": "https://unprotect.it/technique/dns-api-injection/"
},
{
"id": 162,
"name": "Breaking BaDDEr",
"url": "https://unprotect.it/technique/breaking-badder/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
},
{
"id": 181,
"name": "Shellcode Injection via CreateThreadpoolWait",
"url": "https://unprotect.it/technique/shellcode-injection-via-createthreadpoolwait/"
},
{
"id": 208,
"name": "NLS Code Injection Through Registry",
"url": "https://unprotect.it/technique/nls-code-injection-through-registry/"
},
{
"id": 221,
"name": "Tamper DLL Export Names & GetProcAddress Spoofing",
"url": "https://unprotect.it/technique/tamper-dll-export-names-getprocaddress-spoofing/"
},
{
"id": 223,
"name": "Dirty Vanity",
"url": "https://unprotect.it/technique/dirty-vanity/"
},
{
"id": 359,
"name": "FuncIn",
"url": "https://unprotect.it/technique/funcin/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/4/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "VirtualAllocEx",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualallocex?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "high",
"description": "",
"featured_in": [
{
"id": 88,
"name": "Process Hollowing, RunPE",
"url": "https://unprotect.it/technique/process-hollowing-runpe/"
},
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 115,
"name": "Extra Window Memory Injection",
"url": "https://unprotect.it/technique/extra-window-memory-injection/"
},
{
"id": 118,
"name": "PE Injection",
"url": "https://unprotect.it/technique/pe-injection/"
},
{
"id": 153,
"name": "ConsoleWindowClass",
"url": "https://unprotect.it/technique/consolewindowclass/"
},
{
"id": 154,
"name": "Treepoline",
"url": "https://unprotect.it/technique/treepoline/"
},
{
"id": 155,
"name": "Listplanting",
"url": "https://unprotect.it/technique/listplanting/"
},
{
"id": 156,
"name": "OLEUM",
"url": "https://unprotect.it/technique/oleum/"
},
{
"id": 157,
"name": "EditWordBreakProc",
"url": "https://unprotect.it/technique/editwordbreakproc/"
},
{
"id": 158,
"name": "WordWarping",
"url": "https://unprotect.it/technique/wordwarping/"
},
{
"id": 160,
"name": "CLIPBRDWNDCLASS",
"url": "https://unprotect.it/technique/clipbrdwndclass/"
},
{
"id": 161,
"name": "DNS API Injection",
"url": "https://unprotect.it/technique/dns-api-injection/"
},
{
"id": 162,
"name": "Breaking BaDDEr",
"url": "https://unprotect.it/technique/breaking-badder/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
},
{
"id": 208,
"name": "NLS Code Injection Through Registry",
"url": "https://unprotect.it/technique/nls-code-injection-through-registry/"
},
{
"id": 223,
"name": "Dirty Vanity",
"url": "https://unprotect.it/technique/dirty-vanity/"
},
{
"id": 359,
"name": "FuncIn",
"url": "https://unprotect.it/technique/funcin/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/5/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "VirtualAllocExNuma",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualallocexnuma?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "high",
"description": "",
"featured_in": [
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 359,
"name": "FuncIn",
"url": "https://unprotect.it/technique/funcin/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/6/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "WriteProcessMemory",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "high",
"description": "",
"featured_in": [
{
"id": 61,
"name": "IsDebugged Flag",
"url": "https://unprotect.it/technique/isdebugged-flag/"
},
{
"id": 88,
"name": "Process Hollowing, RunPE",
"url": "https://unprotect.it/technique/process-hollowing-runpe/"
},
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 115,
"name": "Extra Window Memory Injection",
"url": "https://unprotect.it/technique/extra-window-memory-injection/"
},
{
"id": 118,
"name": "PE Injection",
"url": "https://unprotect.it/technique/pe-injection/"
},
{
"id": 153,
"name": "ConsoleWindowClass",
"url": "https://unprotect.it/technique/consolewindowclass/"
},
{
"id": 154,
"name": "Treepoline",
"url": "https://unprotect.it/technique/treepoline/"
},
{
"id": 155,
"name": "Listplanting",
"url": "https://unprotect.it/technique/listplanting/"
},
{
"id": 156,
"name": "OLEUM",
"url": "https://unprotect.it/technique/oleum/"
},
{
"id": 157,
"name": "EditWordBreakProc",
"url": "https://unprotect.it/technique/editwordbreakproc/"
},
{
"id": 158,
"name": "WordWarping",
"url": "https://unprotect.it/technique/wordwarping/"
},
{
"id": 160,
"name": "CLIPBRDWNDCLASS",
"url": "https://unprotect.it/technique/clipbrdwndclass/"
},
{
"id": 161,
"name": "DNS API Injection",
"url": "https://unprotect.it/technique/dns-api-injection/"
},
{
"id": 162,
"name": "Breaking BaDDEr",
"url": "https://unprotect.it/technique/breaking-badder/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
},
{
"id": 208,
"name": "NLS Code Injection Through Registry",
"url": "https://unprotect.it/technique/nls-code-injection-through-registry/"
},
{
"id": 223,
"name": "Dirty Vanity",
"url": "https://unprotect.it/technique/dirty-vanity/"
},
{
"id": 358,
"name": "Process Argument Spoofing",
"url": "https://unprotect.it/technique/process-argument-spoofing/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/7/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "LoadLibraryA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 75,
"name": "API Obfuscation",
"url": "https://unprotect.it/technique/api-obfuscation/"
},
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 110,
"name": "Reflective DLL injection",
"url": "https://unprotect.it/technique/reflective-dll-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 116,
"name": "Injection using Shims",
"url": "https://unprotect.it/technique/injection-using-shims/"
},
{
"id": 117,
"name": "IAT Hooking",
"url": "https://unprotect.it/technique/iat-hooking/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
},
{
"id": 221,
"name": "Tamper DLL Export Names & GetProcAddress Spoofing",
"url": "https://unprotect.it/technique/tamper-dll-export-names-getprocaddress-spoofing/"
},
{
"id": 223,
"name": "Dirty Vanity",
"url": "https://unprotect.it/technique/dirty-vanity/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/8/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "LoadLibraryW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryw?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/9/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "LoadLibraryExW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexw?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/10/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "LoadLibraryExA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/11/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CreateProcessA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 88,
"name": "Process Hollowing, RunPE",
"url": "https://unprotect.it/technique/process-hollowing-runpe/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/12/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CreateProcessW",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessw?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 88,
"name": "Process Hollowing, RunPE",
"url": "https://unprotect.it/technique/process-hollowing-runpe/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
},
{
"id": 208,
"name": "NLS Code Injection Through Registry",
"url": "https://unprotect.it/technique/nls-code-injection-through-registry/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/13/?format=api",
"library": {
"id": 2,
"name": "NTDLL.DLL",
"description": ""
},
"name": "NtCreateSection",
"ref_link": "https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntcreatesection?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 119,
"name": "Process Doppelgänging",
"url": "https://unprotect.it/technique/process-doppelganging/"
},
{
"id": 170,
"name": "Process Herpaderping",
"url": "https://unprotect.it/technique/process-herpaderping/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/14/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "NtMapViewOfSection",
"ref_link": "https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-zwmapviewofsection?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/15/?format=api",
"library": {
"id": 2,
"name": "NTDLL.DLL",
"description": ""
},
"name": "NtUnmapViewOfSection",
"ref_link": "https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-zwunmapviewofsection?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 88,
"name": "Process Hollowing, RunPE",
"url": "https://unprotect.it/technique/process-hollowing-runpe/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/16/?format=api",
"library": {
"id": 2,
"name": "NTDLL.DLL",
"description": ""
},
"name": "NtClose",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntclose?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 119,
"name": "Process Doppelgänging",
"url": "https://unprotect.it/technique/process-doppelganging/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/17/?format=api",
"library": {
"id": 2,
"name": "NTDLL.DLL",
"description": ""
},
"name": "NtTestAlert",
"ref_link": "http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FAPC%2FNtAlertThread.html",
"from_msdn": false,
"caution_level": "high",
"description": "",
"featured_in": [
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/18/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "OpenThread",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openthread?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 109,
"name": "SuspendThread",
"url": "https://unprotect.it/technique/suspendthread/"
},
{
"id": 111,
"name": "Thread Execution Hijacking",
"url": "https://unprotect.it/technique/thread-execution-hijacking/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 172,
"name": "Killing Windows Event Log",
"url": "https://unprotect.it/technique/killing-windows-event-log/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/19/?format=api",
"library": {
"id": 2,
"name": "NTDLL.DLL",
"description": ""
},
"name": "MapViewOfSection",
"ref_link": "https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-zwmapviewofsection?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/20/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CopyMemory",
"ref_link": "https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366535(v=vs.85)?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/21/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "QueueUserAPC",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-queueuserapc?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/22/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "ResumeThread",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-resumethread?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 55,
"name": "NtSetInformationThread",
"url": "https://unprotect.it/technique/ntsetinformationthread/"
},
{
"id": 88,
"name": "Process Hollowing, RunPE",
"url": "https://unprotect.it/technique/process-hollowing-runpe/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/23/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CloseHandle",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-closehandle?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 13,
"name": "Checking Specific Folder Name",
"url": "https://unprotect.it/technique/checking-specific-folder-name/"
},
{
"id": 60,
"name": "CloseHandle, NtClose",
"url": "https://unprotect.it/technique/closehandle-ntclose/"
},
{
"id": 61,
"name": "IsDebugged Flag",
"url": "https://unprotect.it/technique/isdebugged-flag/"
},
{
"id": 64,
"name": "RDTSC",
"url": "https://unprotect.it/technique/rdtsc/"
},
{
"id": 67,
"name": "Detecting Window with FindWindow API",
"url": "https://unprotect.it/technique/detecting-window-with-findwindow-api/"
},
{
"id": 68,
"name": "Detecting Running Process: EnumProcess API",
"url": "https://unprotect.it/technique/detecting-running-process-enumprocess-api/"
},
{
"id": 88,
"name": "Process Hollowing, RunPE",
"url": "https://unprotect.it/technique/process-hollowing-runpe/"
},
{
"id": 90,
"name": "Parent Process Detection",
"url": "https://unprotect.it/technique/parent-process-detection/"
},
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 109,
"name": "SuspendThread",
"url": "https://unprotect.it/technique/suspendthread/"
},
{
"id": 110,
"name": "Reflective DLL injection",
"url": "https://unprotect.it/technique/reflective-dll-injection/"
},
{
"id": 111,
"name": "Thread Execution Hijacking",
"url": "https://unprotect.it/technique/thread-execution-hijacking/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 115,
"name": "Extra Window Memory Injection",
"url": "https://unprotect.it/technique/extra-window-memory-injection/"
},
{
"id": 118,
"name": "PE Injection",
"url": "https://unprotect.it/technique/pe-injection/"
},
{
"id": 119,
"name": "Process Doppelgänging",
"url": "https://unprotect.it/technique/process-doppelganging/"
},
{
"id": 131,
"name": "Kill Process",
"url": "https://unprotect.it/technique/kill-process/"
},
{
"id": 134,
"name": "Wiping or Encrypting",
"url": "https://unprotect.it/technique/wiping-or-encrypting/"
},
{
"id": 136,
"name": "NTFS Files Attributes",
"url": "https://unprotect.it/technique/ntfs-files-attributes/"
},
{
"id": 153,
"name": "ConsoleWindowClass",
"url": "https://unprotect.it/technique/consolewindowclass/"
},
{
"id": 154,
"name": "Treepoline",
"url": "https://unprotect.it/technique/treepoline/"
},
{
"id": 155,
"name": "Listplanting",
"url": "https://unprotect.it/technique/listplanting/"
},
{
"id": 156,
"name": "OLEUM",
"url": "https://unprotect.it/technique/oleum/"
},
{
"id": 157,
"name": "EditWordBreakProc",
"url": "https://unprotect.it/technique/editwordbreakproc/"
},
{
"id": 158,
"name": "WordWarping",
"url": "https://unprotect.it/technique/wordwarping/"
},
{
"id": 160,
"name": "CLIPBRDWNDCLASS",
"url": "https://unprotect.it/technique/clipbrdwndclass/"
},
{
"id": 161,
"name": "DNS API Injection",
"url": "https://unprotect.it/technique/dns-api-injection/"
},
{
"id": 162,
"name": "Breaking BaDDEr",
"url": "https://unprotect.it/technique/breaking-badder/"
},
{
"id": 165,
"name": "Indicator Removal: Timestomp",
"url": "https://unprotect.it/technique/indicator-removal-timestomp/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
},
{
"id": 174,
"name": "User Interaction (Are you human?)",
"url": "https://unprotect.it/technique/user-interaction-are-you-human/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
},
{
"id": 208,
"name": "NLS Code Injection Through Registry",
"url": "https://unprotect.it/technique/nls-code-injection-through-registry/"
},
{
"id": 216,
"name": "FLIRT Signatures Evasion",
"url": "https://unprotect.it/technique/flirt-signatures-evasion/"
},
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
},
{
"id": 357,
"name": "SMB / Named Pipes",
"url": "https://unprotect.it/technique/smb-named-pipes/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/24/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "OpenProcess",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 59,
"name": "CsrGetProcessID",
"url": "https://unprotect.it/technique/csrgetprocessid/"
},
{
"id": 61,
"name": "IsDebugged Flag",
"url": "https://unprotect.it/technique/isdebugged-flag/"
},
{
"id": 63,
"name": "NtGlobalFlag",
"url": "https://unprotect.it/technique/ntglobalflag/"
},
{
"id": 67,
"name": "Detecting Window with FindWindow API",
"url": "https://unprotect.it/technique/detecting-window-with-findwindow-api/"
},
{
"id": 68,
"name": "Detecting Running Process: EnumProcess API",
"url": "https://unprotect.it/technique/detecting-running-process-enumprocess-api/"
},
{
"id": 93,
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"url": "https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 115,
"name": "Extra Window Memory Injection",
"url": "https://unprotect.it/technique/extra-window-memory-injection/"
},
{
"id": 118,
"name": "PE Injection",
"url": "https://unprotect.it/technique/pe-injection/"
},
{
"id": 131,
"name": "Kill Process",
"url": "https://unprotect.it/technique/kill-process/"
},
{
"id": 153,
"name": "ConsoleWindowClass",
"url": "https://unprotect.it/technique/consolewindowclass/"
},
{
"id": 154,
"name": "Treepoline",
"url": "https://unprotect.it/technique/treepoline/"
},
{
"id": 155,
"name": "Listplanting",
"url": "https://unprotect.it/technique/listplanting/"
},
{
"id": 156,
"name": "OLEUM",
"url": "https://unprotect.it/technique/oleum/"
},
{
"id": 157,
"name": "EditWordBreakProc",
"url": "https://unprotect.it/technique/editwordbreakproc/"
},
{
"id": 158,
"name": "WordWarping",
"url": "https://unprotect.it/technique/wordwarping/"
},
{
"id": 160,
"name": "CLIPBRDWNDCLASS",
"url": "https://unprotect.it/technique/clipbrdwndclass/"
},
{
"id": 161,
"name": "DNS API Injection",
"url": "https://unprotect.it/technique/dns-api-injection/"
},
{
"id": 162,
"name": "Breaking BaDDEr",
"url": "https://unprotect.it/technique/breaking-badder/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 172,
"name": "Killing Windows Event Log",
"url": "https://unprotect.it/technique/killing-windows-event-log/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
},
{
"id": 223,
"name": "Dirty Vanity",
"url": "https://unprotect.it/technique/dirty-vanity/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/25/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "Sleep",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleep?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 29,
"name": "Checking Mouse Activity",
"url": "https://unprotect.it/technique/checking-mouse-activity/"
},
{
"id": 31,
"name": "Checking Screen Resolution",
"url": "https://unprotect.it/technique/checking-screen-resolution/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 151,
"name": "GetForegroundWindow",
"url": "https://unprotect.it/technique/getforegroundwindow/"
},
{
"id": 152,
"name": "Bypass User Account Control",
"url": "https://unprotect.it/technique/bypass-user-account-control/"
},
{
"id": 167,
"name": "File Melt",
"url": "https://unprotect.it/technique/file-melt/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 172,
"name": "Killing Windows Event Log",
"url": "https://unprotect.it/technique/killing-windows-event-log/"
},
{
"id": 178,
"name": "ProcEnvInjection - Remote code injection by abusing process environment strings",
"url": "https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/"
},
{
"id": 353,
"name": "C2 via FTP(S)",
"url": "https://unprotect.it/technique/c2-via-ftps/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/26/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "Process32First",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-process32first?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 90,
"name": "Parent Process Detection",
"url": "https://unprotect.it/technique/parent-process-detection/"
},
{
"id": 109,
"name": "SuspendThread",
"url": "https://unprotect.it/technique/suspendthread/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 131,
"name": "Kill Process",
"url": "https://unprotect.it/technique/kill-process/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/27/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "Process32Next",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-process32next?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 90,
"name": "Parent Process Detection",
"url": "https://unprotect.it/technique/parent-process-detection/"
},
{
"id": 109,
"name": "SuspendThread",
"url": "https://unprotect.it/technique/suspendthread/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 131,
"name": "Kill Process",
"url": "https://unprotect.it/technique/kill-process/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/28/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "CreateToolhelp32Snapshot",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 90,
"name": "Parent Process Detection",
"url": "https://unprotect.it/technique/parent-process-detection/"
},
{
"id": 109,
"name": "SuspendThread",
"url": "https://unprotect.it/technique/suspendthread/"
},
{
"id": 111,
"name": "Thread Execution Hijacking",
"url": "https://unprotect.it/technique/thread-execution-hijacking/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 131,
"name": "Kill Process",
"url": "https://unprotect.it/technique/kill-process/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 172,
"name": "Killing Windows Event Log",
"url": "https://unprotect.it/technique/killing-windows-event-log/"
},
{
"id": 173,
"name": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://unprotect.it/technique/access-token-manipulation-parent-pid-spoofing/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/29/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "Thread32First",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-thread32first?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 109,
"name": "SuspendThread",
"url": "https://unprotect.it/technique/suspendthread/"
},
{
"id": 111,
"name": "Thread Execution Hijacking",
"url": "https://unprotect.it/technique/thread-execution-hijacking/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 172,
"name": "Killing Windows Event Log",
"url": "https://unprotect.it/technique/killing-windows-event-log/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/30/?format=api",
"library": {
"id": 1,
"name": "Kernel32.dll",
"description": ""
},
"name": "Thread32Next",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-thread32next?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 109,
"name": "SuspendThread",
"url": "https://unprotect.it/technique/suspendthread/"
},
{
"id": 111,
"name": "Thread Execution Hijacking",
"url": "https://unprotect.it/technique/thread-execution-hijacking/"
},
{
"id": 113,
"name": "APC injection",
"url": "https://unprotect.it/technique/apc-injection/"
},
{
"id": 114,
"name": "Atom Bombing",
"url": "https://unprotect.it/technique/atom-bombing/"
},
{
"id": 168,
"name": "Detecting Online Sandbox",
"url": "https://unprotect.it/technique/detecting-online-sandbox/"
},
{
"id": 172,
"name": "Killing Windows Event Log",
"url": "https://unprotect.it/technique/killing-windows-event-log/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/31/?format=api",
"library": {
"id": 3,
"name": "Advapi32.lib",
"description": "Advapi32.lib is a dynamic-link library (DLL) in Windows operating system. It provides a set of APIs (Application Programming Interfaces) that allow applications to perform various security-related operations, such as:\r\n\r\n* Managing user accounts and access control\r\n* Reading and writing to the Windows registry\r\n* Encrypting and decrypting data\r\n* Logging security events in the Windows event log\r\n* Performing operations with digital certificates and signatures.\r\n\r\nIn other words, Advapi32.lib provides a high-level interface for managing security and access control in Windows, making it easier for developers to build secure applications."
},
"name": "CreateServiceA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-createservicea?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": [
{
"id": 215,
"name": "Windows Event Log Evasion via Native APIs",
"url": "https://unprotect.it/technique/windows-event-log-evasion-via-native-apis/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/32/?format=api",
"library": {
"id": 3,
"name": "Advapi32.lib",
"description": "Advapi32.lib is a dynamic-link library (DLL) in Windows operating system. It provides a set of APIs (Application Programming Interfaces) that allow applications to perform various security-related operations, such as:\r\n\r\n* Managing user accounts and access control\r\n* Reading and writing to the Windows registry\r\n* Encrypting and decrypting data\r\n* Logging security events in the Windows event log\r\n* Performing operations with digital certificates and signatures.\r\n\r\nIn other words, Advapi32.lib provides a high-level interface for managing security and access control in Windows, making it easier for developers to build secure applications."
},
"name": "StartServiceA",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-startservicea?WT.mc_id=SEC-MVP-5005282",
"from_msdn": true,
"caution_level": "medium",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/33/?format=api",
"library": {
"id": 4,
"name": "Rpcrt4.dll",
"description": "Rpcrt4.dll is a dynamic-link library (DLL) in the Windows operating system that provides the Remote Procedure Call (RPC) runtime system.\r\n\r\nRPC is a communication protocol that allows a computer program to make a request to another program located on a different computer, with the response being returned to the original caller. The Rpcrt4.dll library provides the core functionality for implementing RPC in Windows, including the management of communication between the client and server, serialization and deserialization of data, and security functions.\r\n\r\nRpcrt4.dll is used by applications to make remote procedure calls over a network and is essential for implementing distributed systems in Windows."
},
"name": "NdrClientCall2",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": [
{
"id": 215,
"name": "Windows Event Log Evasion via Native APIs",
"url": "https://unprotect.it/technique/windows-event-log-evasion-via-native-apis/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/34/?format=api",
"library": {
"id": 5,
"name": "winmm.dll",
"description": ""
},
"name": "timeGetTime",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/35/?format=api",
"library": {
"id": 6,
"name": "oleacc.dll",
"description": ""
},
"name": "LresultFromObject",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/36/?format=api",
"library": {
"id": 7,
"name": "winspool.drv",
"description": ""
},
"name": "DocumentPropertiesW",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/37/?format=api",
"library": {
"id": 7,
"name": "winspool.drv",
"description": ""
},
"name": "ClosePrinter",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/38/?format=api",
"library": {
"id": 7,
"name": "winspool.drv",
"description": ""
},
"name": "OpenPrinterW",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/39/?format=api",
"library": {
"id": 7,
"name": "winspool.drv",
"description": ""
},
"name": "GetDefaultPrinterW",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/40/?format=api",
"library": {
"id": 7,
"name": "winspool.drv",
"description": ""
},
"name": "EnumPrinters",
"ref_link": "https://learn.microsoft.com/en-us/windows/win32/printdocs/enumprinters",
"from_msdn": true,
"caution_level": "low",
"description": "The `EnumPrinters is used to enumerate the printers installed on a local or remote system and retrieve information about them, such as their names, status, and properties.\r\n\r\nThe function takes several parameters, including the type of printers to enumerate, the name of the server to connect to (if applicable), the level of detail to retrieve about each printer, and a buffer to receive the printer information. The function returns a Boolean value indicating whether it was successful or not, as well as the number of printers found.\r\n\r\nThere are several types of printers that can be enumerated using the `EnumPrinters` function, including local printers, network printers, and printers connected to other computers. The level of detail that can be retrieved about each printer depends on the level parameter passed to the function, which can range from 1 to 9.\r\n\r\nThe `EnumPrinters` function can be useful for a variety of purposes, such as detecting the presence of printers on a system, identifying the default printer, or retrieving information about a specific printer.",
"featured_in": [
{
"id": 37,
"name": "Connected Printer",
"url": "https://unprotect.it/technique/connected-printer/"
}
]
},
{
"url": "https://unprotect.it/api/featured_api/41/?format=api",
"library": {
"id": 8,
"name": "comdlg32.dll",
"description": ""
},
"name": "FindTextW",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/42/?format=api",
"library": {
"id": 8,
"name": "comdlg32.dll",
"description": ""
},
"name": "GetOpenFileNameW",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/43/?format=api",
"library": {
"id": 9,
"name": "comctl32.dll",
"description": ""
},
"name": "ImageList_GetImageInfo",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/44/?format=api",
"library": {
"id": 9,
"name": "comctl32.dll",
"description": ""
},
"name": "FlatSB_SetScrollInfo",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/45/?format=api",
"library": {
"id": 9,
"name": "comctl32.dll",
"description": ""
},
"name": "InitCommonControls",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/46/?format=api",
"library": {
"id": 9,
"name": "comctl32.dll",
"description": ""
},
"name": "ImageList_DragMove",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/47/?format=api",
"library": {
"id": 9,
"name": "comctl32.dll",
"description": ""
},
"name": "ImageList_Destroy",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/48/?format=api",
"library": {
"id": 9,
"name": "comctl32.dll",
"description": ""
},
"name": "_TrackMouseEvent",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/49/?format=api",
"library": {
"id": 9,
"name": "comctl32.dll",
"description": ""
},
"name": "ImageList_DragShowNolock",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
},
{
"url": "https://unprotect.it/api/featured_api/50/?format=api",
"library": {
"id": 9,
"name": "comctl32.dll",
"description": ""
},
"name": "ImageList_Add",
"ref_link": null,
"from_msdn": true,
"caution_level": "low",
"description": "",
"featured_in": []
}
]
}
