GET /api/techniques/111/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 111,
    "key": "thread-execution-hijacking",
    "unprotect_id": "U1223, E1055.003",
    "name": "Thread Execution Hijacking",
    "description": "Thread execution hijacking is a technique used by malware to evade detection by running its code within the context of an existing thread of a process. Because the malware targets a thread that already exists, it avoids creating new processes or threads, which are noisy operations that security software can easily detect.\r\n\r\nDuring analysis, it is possible to observe calls to `CreateToolhelp32Snapshot` and `Thread32First` followed by `OpenThread`, which the malware uses to enumerate and select the target thread. Thread enumeration on its own is also common in benign software, so for detection it is more reliable to correlate it with a cross-process `OpenThread` handle followed by `SuspendThread`, `SetThreadContext` and `ResumeThread` on the same thread.",
    "resources": "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process",
    "creation_date": "2019-03-23T17:16:57Z",
    "tags": "thread execution hijacking, malware, evading detection, existing thread, process, avoiding noisy process, thread creation operations, analysis, CreateToolhelp32Snapshot, Thread32First",
    "modification_date": "2023-10-04T10:42:29.198000Z",
    "category": [
        4
    ],
    "rules": [],
    "attachments": [],
    "featured_api": [
        18,
        23,
        28,
        29,
        30
    ],
    "contributors": []
}