Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
17 item(s) found so far for this keyword.
WordWarping Process Manipulating
Edit controls are a type of user interface element that allows a user to enter and edit text in a graphical user interface (GUI). They are commonly used in Windows applications and can be embedded directly into a GUI or subclassed as a separate window. Edit controls can be set to display text in multiline mode, in which case they …
EditWordBreakProc Process Manipulating
Edit controls, including Rich Edit controls, are a common type of Windows control found in many applications. They can be embedded directly in the application or as subclassed windows.
When these controls display text in multiline mode, they use a callback function called EditWordBreakProc. This function is called every time the control needs to do something related to word …
OLEUM Process Manipulating
Edit controls are a type of user interface element that allows a user to enter and edit text in a graphical user interface (GUI). They are commonly used in Windows applications and can be embedded directly into a GUI or subclassed as a separate window. Edit controls can be set to display text in multiline mode, in which case they …
Listplanting Process Manipulating
Edit controls are a type of user interface element that allows a user to enter and edit text in a graphical user interface (GUI). They are commonly used in Windows applications and can be embedded directly into a GUI or subclassed as a separate window.
Edit controls can be set to display text in multiline mode, in which case they …
Ctrl+Inject Process Manipulating
The "Control Signal Handler Callback" technique involves injecting malicious code into a process by using a callback function for control signal handlers. When a control signal, such as Ctrl+C, is received by a process, the system creates a new thread to execute a function to handle the signal. This thread is typically created by the legitimate process "csrss.exe" in the …
Shellcode Injection via CreateThreadpoolWait Process Manipulating
Shellcode injection is a technique used by malware to execute arbitrary code within the context of a targeted process. One method of achieving this is through the use of the CreateThreadpoolWait function, which is a part of the Windows thread pool API.
In the context of shellcode injection, CreateThreadpoolWait is used to create a wait object that is associated with …
Process Injection: ListPlanting Defense Evasion [Mitre]
Adversaries may abuse list-view controls to inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges. ListPlanting is a method of executing arbitrary code in the address space of a separate live process. Code executed via ListPlanting may also evade detection from security products since the execution is masked under a legitimate …
Treepoline Process Manipulating
Tree-view controls are a type of user interface element that is used to display hierarchical data in a graphical user interface (GUI). They are commonly used in Windows applications and allow users to navigate and explore complex data structures.
To display its content, a tree-view control must sort the items it shows. The sorting routine for a tree-view control can …
Hijack Execution Flow: KernelCallbackTable Defense Evasion [Mitre]
Adversaries may abuse the KernelCallbackTable of a process to hijack its execution flow in order to run their own payloads. The KernelCallbackTable can be found in the Process Environment Block (PEB) and is initialized to an array of graphic functions available to a GUI process once user32.dll is loaded.
An adversary may hijack the execution flow of a process using …
DNS API Injection Process Manipulating
DNS API injection is a technique used by malware to evade detection by intercepting and modifying DNS (Domain Name System) requests made by a host system. The technique involves injecting code into the DNS API (Application Programming Interface) of the host system, which is a set of functions and protocols that allow communication with the DNS service. By injecting code …