GET /api/techniques/117/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 117,
"key": "iat-hooking",
"unprotect_id": "U1217, F0015.003",
"name": "IAT Hooking",
"description": "IAT hooking is a way to run malicious code by modifying the Import Address Table of a specific executable. Consisting of replacing one legitimate function from imported DLL by a malicious one. \r\n\r\nIAT hooking and inline hooking are generally known as userland rootkits. IAT hooking is a technique that malware uses to change the import address table. When a legitimate application calls an API located in a DLL, the replaced function is executed instead of the original one. In contrast, with inline hooking, malware modifies the API function itself.",
"windows": "",
"linux": "",
"macos": "",
"resources": "https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108",
"creation_date": "2019-03-23T17:28:15Z",
"tags": "iat",
"modification_date": "2023-10-04T10:42:26.592000Z",
"category": [
4
],
"rules": [],
"attachments": [],
"featured_api": [],
"contributors": []
}
