![]() Tries to access unusual system drive lettersĪdversaries may communicate using a custom command and control protocol instead of using existing ] to encapsulate commands.Ĭontains indicators of bot communication commands Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how.Īdversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Process injection is a method of executing arbitrary code in the address space of a separate live process. Installs hooks/patches the running process Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. ![]() ![]() ![]() Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |