Common Information
| Type | Value |
|---|---|
| Value |
Hooking |
| Category | Attack-Pattern |
| Type | Mitre-Ics-Techniques |
| Misp Type | Cluster |
| Description | Adversaries may hook into application programming interface (API) functions used by processes to redirect calls for persistent means. Windows processes often leverage these API functions to perform tasks that require reusable system resources. Windows API functions are typically stored in dynamic-link libraries (DLLs) as exported functions. One type of hooking seen in ICS involves redirecting calls to these functions via import address table (IAT) hooking. IAT hooking uses modifications to a process’s IAT, where pointers to imported API functions are stored. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2754-08-03 | 37 | Virus Bulletin :: VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis native library | ||
| Details | Website | 2024-12-29 | 2 | Cobalt Strike DFIR: Listening to the Pipes — Blake's R&D | ||
| Details | Website | 2024-11-15 | 38 | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | ||
| Details | Website | 2024-11-15 | 38 | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | ||
| Details | Website | 2024-11-15 | 4 | New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant - SOC Prime | ||
| Details | Website | 2024-11-14 | 11 | Reversing IL2CPP IOS Unity games | ||
| Details | Website | 2024-11-13 | 1 | China's Volt Typhoon botnet has re-emerged | ||
| Details | Website | 2024-11-13 | 22 | LAB 11 Practical Malwre Analysis | ||
| Details | Website | 2024-11-11 | 69 | BSides CPH 2024 Writeup: DIY Trojan horse or: How to get your malware past EDR | ||
| Details | Website | 2024-11-11 | 11 | EDR: Don’t mess with my config | ||
| Details | Website | 2024-11-11 | 0 | Indianapolis man snared by child predator tracking group | Archives | #childpredator | #onlinepredator | #sextrafficing | National Cyber Security Consulting | ||
| Details | Website | 2024-11-11 | 11 | Remcos RAT IOCs - Part 23 - SEC-1275-1 | ||
| Details | Website | 2024-11-10 | 7 | 每日安全动态推送(24/11/7) | CTF导航 | ||
| Details | Website | 2024-11-10 | 6 | Recent Keylogger Attributed to North Korean Group Andariel Analyzed Through A Hybrid Analysis Perspective | CTF导航 | ||
| Details | Website | 2024-11-09 | 14 | Building CAPEv2 — Automated Malware Analysis Sandbox — Part 1 | ||
| Details | Website | 2024-11-09 | 18 | BugBounty — Mastering the Basics (along with Resources)[Part-3] | ||
| Details | Website | 2024-11-08 | 27 | New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs | ||
| Details | Website | 2024-11-07 | 0 | Tech Analysis: CrowdStrike's Kernel Access and Security Architecture | ||
| Details | Website | 2024-11-07 | 26 | The Windows Restart Manager: How It Works Part 1 | ||
| Details | Website | 2024-11-05 | 0 | Unveiling Memory Forensics: Techniques for Detecting Malware and Threats Across Platforms | ||
| Details | Website | 2024-11-05 | 9 | Vulnerabilities Weaponizing — Cross-site Scripting (XSS) | ||
| Details | Website | 2024-11-05 | 14 | 野蛮fuzz:持久性fuzz | CTF导航 | ||
| Details | Website | 2024-11-04 | 0 | CylanceMDR: A White Glove Onboarding Experience | ||
| Details | Website | 2024-11-04 | 4 | Recent Keylogger Attributed to North Korean Group Andariel Analyzed Through A Hybrid Analysis Perspective | ||
| Details | Website | 2024-11-03 | 0 | How Cyber Criminals Are Evading Antivirus Software |