Hook injection is a technique used by malware to alter the behavior of internal functions in an operating system or application. This is typically achieved by inserting malicious code into existing function calls, allowing the malware to intercept and manipulate the normal flow of execution.

In the case of Windows, the SetWindowsHookEx function can be used by programs to …

The "Control Signal Handler Callback" technique involves injecting malicious code into a process by using a callback function for control signal handlers. When a control signal, such as Ctrl+C, is received by a process, the system creates a new thread to execute a function to handle the signal. This thread is typically created by the legitimate process "csrss.exe" in the …

Inline hooking is a technique used to intercept calls to target functions. It is commonly used by antiviruses, sandboxes, and malware to perform a variety of tasks, such as checking parameters, shimming, logging, spoofing returned data, and filtering calls.

The process of inline hooking involves directly modifying the code within the target function, usually by overwriting the first few …

Anti-forensic techniques are methods used by malware to prevent security professionals from detecting and analyzing it. One way that malware can accomplish this is by using wiping or encryption techniques to remove its own trace from the system.

In some cases, malware may use wiping or encryption as a decoy, in order to distract security professionals and hide its …

Adversaries may environmentally key payloads or other features of malware to evade defenses and constraint execution to a specific target environment. Environmental keying uses cryptography to constrain execution or actions based on adversary supplied environment specific conditions that are expected to be present on the target. Environmental keying is an implementation of Execution Guardrails that utilizes cryptographic techniques for deriving …