Common Information
| Type | Value |
|---|---|
| Value |
Hooking - T1617 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may utilize hooking to hide the presence of artifacts associated with their behaviors to evade detection. Hooking can be used to modify return values or data structures of system APIs and function calls. This process typically involves using 3rd party root frameworks, such as Xposed or Magisk, with either a system exploit or pre-existing root access. By including custom modules for root frameworks, adversaries can hook system APIs and alter the return value and/or system data structures to alter functionality/visibility of various aspects of the system. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2754-08-03 | 37 | Virus Bulletin :: VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis native library | ||
| Details | Website | 2024-12-29 | 2 | Cobalt Strike DFIR: Listening to the Pipes — Blake's R&D | ||
| Details | Website | 2024-11-15 | 38 | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | ||
| Details | Website | 2024-11-15 | 38 | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | ||
| Details | Website | 2024-11-15 | 4 | New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant - SOC Prime | ||
| Details | Website | 2024-11-14 | 11 | Reversing IL2CPP IOS Unity games | ||
| Details | Website | 2024-11-13 | 1 | China's Volt Typhoon botnet has re-emerged | ||
| Details | Website | 2024-11-13 | 22 | LAB 11 Practical Malwre Analysis | ||
| Details | Website | 2024-11-11 | 69 | BSides CPH 2024 Writeup: DIY Trojan horse or: How to get your malware past EDR | ||
| Details | Website | 2024-11-11 | 11 | EDR: Don’t mess with my config | ||
| Details | Website | 2024-11-11 | 0 | Indianapolis man snared by child predator tracking group | Archives | #childpredator | #onlinepredator | #sextrafficing | National Cyber Security Consulting | ||
| Details | Website | 2024-11-11 | 11 | Remcos RAT IOCs - Part 23 - SEC-1275-1 | ||
| Details | Website | 2024-11-10 | 7 | 每日安全动态推送(24/11/7) | CTF导航 | ||
| Details | Website | 2024-11-10 | 6 | Recent Keylogger Attributed to North Korean Group Andariel Analyzed Through A Hybrid Analysis Perspective | CTF导航 | ||
| Details | Website | 2024-11-09 | 14 | Building CAPEv2 — Automated Malware Analysis Sandbox — Part 1 | ||
| Details | Website | 2024-11-09 | 18 | BugBounty — Mastering the Basics (along with Resources)[Part-3] | ||
| Details | Website | 2024-11-08 | 27 | New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs | ||
| Details | Website | 2024-11-07 | 0 | Tech Analysis: CrowdStrike's Kernel Access and Security Architecture | ||
| Details | Website | 2024-11-07 | 26 | The Windows Restart Manager: How It Works Part 1 | ||
| Details | Website | 2024-11-05 | 0 | Unveiling Memory Forensics: Techniques for Detecting Malware and Threats Across Platforms | ||
| Details | Website | 2024-11-05 | 9 | Vulnerabilities Weaponizing — Cross-site Scripting (XSS) | ||
| Details | Website | 2024-11-05 | 14 | 野蛮fuzz:持久性fuzz | CTF导航 | ||
| Details | Website | 2024-11-04 | 0 | CylanceMDR: A White Glove Onboarding Experience | ||
| Details | Website | 2024-11-04 | 4 | Recent Keylogger Attributed to North Korean Group Andariel Analyzed Through A Hybrid Analysis Perspective | ||
| Details | Website | 2024-11-03 | 0 | How Cyber Criminals Are Evading Antivirus Software |