GET /api/techniques/92/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 92,
"key": "hook-injection",
"unprotect_id": "U1227, E1055.m01",
"name": "Hook Injection",
"description": "Hook injection is a technique used by malware to alter the behavior of internal functions in an operating system or application. This is typically achieved by inserting malicious code into existing function calls, allowing the malware to intercept and manipulate the normal flow of execution.\r\n\r\nIn the case of Windows, the `SetWindowsHookEx` function can be used by programs to install hooks that monitor events such as mouse clicks and keyboard key presses. This can enable malware to monitor user actions and steal sensitive information or perform other malicious actions. By using hook injection, malware can evade detection and continue to operate stealthily within a system.",
"resources": "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process\nhttps://www.ired.team/offensive-security/code-injection-process-injection/setwindowhookex-code-injection",
"creation_date": "2019-03-18T14:47:10Z",
"tags": "Hook injection, malware, internal functions, operating system, application, malicious code, existing function calls, intercept, manipulate, normal flow of execution, SetWindowsHookEx function,",
"modification_date": "2023-10-04T10:44:04.798000Z",
"category": [
4
],
"rules": [
118,
119
],
"attachments": [],
"featured_api": [
117,
131,
212,
272
],
"contributors": []
}
