Adversaries may abuse the Windows service control manager to execute malicious commands or payloads.
    Contains ability to open/control a service
Adversaries may modify the kernel to automatically execute programs on system boot.
Adversaries may make and impersonate tokens to escalate privileges and bypass access controls.
    Contains ability to adjust token privileges
Adversaries may perform software packing or virtual machine software protection to conceal their code.
Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Adversaries may employ various means to detect and avoid virtualization and analysis environments.
Adversaries may use NTFS file attributes to hide their malicious data in order to evade detection.
Adversaries may log user keystrokes to intercept credentials as the user types them.
    Contains ability to retrieve keyboard strokes
Adversaries may hook into Windows application programming interface (API) functions to collect user credentials.
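The software-packing entry above is usually confirmed by a byte-entropy check rather than by the sandbox flag alone. The following is an added example written for this page, not code from the report or from the sandbox vendor: it slides a fixed window over a buffer, marks runs whose Shannon entropy approaches 8 bits per byte, and flags the sample when enough of it is high-entropy. The window size, the 7.0 bits/byte threshold and the 30% coverage rule are assumed heuristics, and the two sample buffers are constructed stand-ins (repetitive text for an unpacked section, seeded pseudo-random bytes for a packed body), not data taken from the analysed file.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 512,
                         threshold: float = 7.0) -> list[tuple[int, int]]:
    """Slide a fixed window over `data` and return merged [start, end)
    ranges whose entropy is at or above `threshold`.

    Packed or encrypted code approaches 8 bits/byte; native code and text
    normally sit well below 6.5. The threshold is an assumed heuristic, not
    proof of packing: legitimate compressed resources (images, archives,
    certificates) score just as high, so treat hits as a lead to inspect.
    """
    regions: list[tuple[int, int]] = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window:          # ignore a short trailing chunk
            break
        if shannon_entropy(chunk) >= threshold:
            if regions and regions[-1][1] == off:
                regions[-1] = (regions[-1][0], off + window)   # extend the run
            else:
                regions.append((off, off + window))
    return regions


def looks_packed(data: bytes, min_fraction: float = 0.3) -> bool:
    """Flag a sample when at least `min_fraction` of it is high-entropy.

    `min_fraction` is an assumed cut-off; a small encrypted config blob
    inside an otherwise plain binary should not trip it.
    """
    covered = sum(end - start for start, end in high_entropy_regions(data))
    return len(data) > 0 and covered / len(data) >= min_fraction


# Constructed stand-ins, not data from the report: repetitive text imitating
# an unpacked section, and deterministic pseudo-random bytes imitating the
# compressed/encrypted body that a packer stub decodes at run time.
PLAIN = (b"this program cannot be run in DOS mode. " * 100)[:2048]
PACKED = random.Random(1234).randbytes(4096)
SAMPLE = PLAIN + PACKED + PLAIN


if __name__ == "__main__":
    for start, end in high_entropy_regions(SAMPLE):
        print(f"high-entropy region 0x{start:x}-0x{end:x}")
    print("looks packed:", looks_packed(SAMPLE))
```

On a real file, run `high_entropy_regions` per PE section rather than over the whole image and compare the hits against the section table: a high-entropy `.text` with a tiny import table is the classic packed layout, while a high-entropy `.rsrc` alone is usually just embedded media.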