Syncthing cpu usage
1/2/2024

Remote desktop is a common feature in operating systems.
Reads information about supported languages
Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.
Monitors specific registry key for changes
Software packing is a method of compressing or encrypting an executable.
Adversaries may attempt to get a listing of local system or domain accounts.
Detected network related fingerprinting/snooping attempt
Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
The input sample is signed with a certificate
Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in ] and ].
Process injection is a method of executing arbitrary code in the address space of a separate live process.
Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with.
Installs hooks/patches the running process
Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.
Opens the Kernel Security Device Driver (KsecDD) of Windows
Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand.
Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager.