...

Relevant documentation

  • MITRE T1543 - Creating or modifying a system process can disguise malicious code as a normal, trusted system process and hide it from malware detection.

  • MITRE T1068 - Performing privilege escalation via software vulnerabilities can allow malicious code to escape permission restrictions or virtualized environments.

  • MITRE T1055-001 - DLL injection can be used to load malicious code into a process by simply instructing the target process to load a new DLL or by replacing a legitimate DLL before it is loaded.

  • MITRE T1059-001 - PowerShell is often used by Windows malware to perform malware setup, such as replacing legitimate files with malicious ones.