The input sample is signed with a certificateĪdversaries can use methods of capturing user input for obtaining credentials for ] and information ] that include keylogging and user input field interception.Ĭontains ability to retrieve keyboard strokes Process injection is a method of executing arbitrary code in the address space of a separate live process.Ĭode signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. Opens the Kernel Security Device Driver (KsecDD) of Windows Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand. Windows Dynamic Data Exchange (DDE) is a client-server protocol for one-time and/or continuous inter-process communication (IPC) between applications. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths.Ĭontains ability to access the loader directly Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |