![]() Reads information about supported languages Queries the internet cache settings (often used to hide footprints in index.dat or internet cache) Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how.Īdversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Īdversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. The input sample is signed with a certificateĪdversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in ] and ]. Process injection is a method of executing arbitrary code in the address space of a separate live process.Īllocates virtual memory in a remote processĬode signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. Installs hooks/patches the running process ![]() Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. Opens the Kernel Security Device Driver (KsecDD) of Windows ![]() Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand. ![]() ![]() Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |