GET /api/techniques/112/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 112,
"key": "image-file-execution-options-injection",
"unprotect_id": "U1222",
"name": "Image File Execution Options Injection",
"description": "Image File Execution Options Injection, also known as IFEO Injection, is a technique used by malware to evade detection and persist on a compromised system. \r\n\r\nThe technique involves modifying the Image File Execution Options (IFEO) registry key, which is used by the Windows operating system to set debugging options for executable files. When an executable file is launched, the operating system checks the corresponding IFEO registry key for any specified debugging options. If the key exists, the operating system launches the specified debugger instead of the executable file. \r\n\r\nAlong with IFEO, malware also uses other registry keys such as `Appinit_DLL` and `AppCertDlls` for both injection and persistence on the compromised system. These keys are used by the operating system to load DLLs at the start of a process and for code signing, respectively.",
"resources": "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process",
"creation_date": "2019-03-23T17:19:27Z",
"tags": "Image File Execution Options Injection, IFEO Injection, malware, evasion, detection, persistence, compromised system, registry keys, Windows operating system, debugging options, executable files, Appinit_DLL, AppCertDlls, injection, DLLs, code signing,de signing,",
"modification_date": "2023-10-04T10:44:02.397000Z",
"category": [
4
],
"rules": [],
"attachments": [],
"featured_api": [
331
],
"contributors": []
}
