Hijack Execution Flow: Path Interception by PATH Environment Variable

Defense Evasion [Mitre]

Adversaries may execute their own malicious payloads by hijacking environment variables used to load libraries. Adversaries may place a program in an earlier entry in the list of directories stored in the PATH environment variable, which Windows will then execute when it searches sequentially through that PATH listing in search of the binary that was called from a script or …

Hijack Execution Flow: Path Interception by Search Order Hijacking

Defense Evasion [Mitre]

Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs. Because some programs do not call other programs using the full path, adversaries may place their own file in the directory where the calling program is located, causing the operating system to launch their malicious software at the request of the calling program.

Hijack Execution Flow: Path Interception by Unquoted Path

Defense Evasion [Mitre]

Adversaries may execute their own malicious payloads by hijacking vulnerable file path references. Adversaries can take advantage of paths that lack surrounding quotations by placing an executable in a higher level directory within the path, so that Windows will choose the adversary's executable to launch.

Service paths and shortcut paths may also be vulnerable to path interception if the …

Search For Content

Search Result

Hijack Execution Flow: Path Interception by PATH Environment Variable

Defense Evasion [Mitre]

Hijack Execution Flow: Path Interception by Search Order Hijacking

Defense Evasion [Mitre]

Hijack Execution Flow: Path Interception by Unquoted Path

Defense Evasion [Mitre]