HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 114,
"key": "atom-bombing",
"unprotect_id": "U1220",
"name": "Atom Bombing",
"description": "Atom Bombing is a technique that utilizes Windows Atom Tables, which provide a global storage mechanism for strings, to inject malicious code into a target process. \r\n\r\nThe technique involves storing a shellcode in an Atom Table, then using the `NtQueueApcThread` function to force the targeted process to access the specific Atom, causing the injection to occur. To bypass Data Execution Prevention (DEP), the technique also employs Return Oriented Programming (ROP) chains. \r\n\r\nAtom Bombing is a form of process injection that abuses legitimate Windows functions to store and execute malicious code in a target process.",
"resources": "https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows",
"creation_date": "2019-03-23T17:22:37Z",
"tags": "Atom Bombing, Process injection, Windows functions, Atom Tables, Globally accessible string storage, shellcode, NtQueueApcThread, targeted process, Return Oriented Programming (ROP), Data Execution Prevention (DEP), injection, malicious code, Windows Atom Tables, global storage mechanism,",
"modification_date": "2023-10-04T10:42:35.764000Z",
"category": [
4
],
"rules": [],
"attachments": [],
"featured_api": [
6,
7,
18,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
338,
339,
340,
357,
365,
381,
383,
395,
399,
412,
415,
419,
425,
439,
444,
449,
532
],
"contributors": []
}
