Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
4 item(s) found so far for this keyword.
Process Injection: Thread Execution Hijacking Defense Evasion [Mitre]
Adversaries may inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges. Thread Execution Hijacking is a method of executing arbitrary code in the address space of a separate live process.
Thread Execution Hijacking is commonly performed by suspending an existing process then unmapping/hollowing its memory, which can then be replaced …
Process Injection: Process Hollowing Defense Evasion [Mitre]
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.
Process hollowing is commonly performed by creating a process in a suspended state then unmapping/hollowing its memory, which can then be replaced with malicious code. …
Process Hollowing, RunPE Process Manipulating
Process hollowing is a technique used by malware to evade detection by injecting malicious code into a legitimate process. This technique involves creating a new instance of a legitimate process and replacing its original code with the malicious payload.
The process is the following:
CreateProcess: in a suspended mode with the CreationFlag at 0x0000 0004.…
ProcEnvInjection - Remote code injection by abusing process environment strings Process Manipulating
This method allows to inject custom code into a remote process without using WriteProcessMemory - It will use the lpEnvironment parameter in CreateProcess to copy the code into the target process. This technique can be used to load a DLL into a remote process, or simply execute a block of code.
The lpEnvironment parameter in CreateProcess allows us to …