Common Information
| Type | Value |
|---|---|
| Value |
Code Injection - T1540 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may use code injection attacks to implant arbitrary code into the address space of a running application. Code is then executed or interpreted by that application. Adversaries utilizing this technique may exploit capabilities to load code in at runtime through dynamic libraries. With root access, `ptrace` can be used to target specific applications and load shared libraries into its process memory.(Citation: Shunix Code Injection Mar 2016)(Citation: Fadeev Code Injection Aug 2018) By injecting code, an adversary may be able to gain access to higher permissions held by the targeted application by executing as the targeted application. In addition, the adversary may be able to evade detection or enable persistent access to a system under the guise of the application’s process.(Citation: Google Triada June 2019) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-06 | 5 | Shellcode RE | ||
| Details | Website | 2024-11-06 | 0 | Thick Client Pentesting: Breaking Down the Big Boned Apps — Part:1 | ||
| Details | Website | 2024-11-05 | 0 | Malware Development Part 11: APC Injection Technique | ||
| Details | Website | 2024-11-04 | 1004 | US-CERT Vulnerability Summary for the Week of October 28, 2024 - RedPacket Security | ||
| Details | Website | 2024-11-04 | 10 | Windows Malware Development | ||
| Details | Website | 2024-11-04 | 5 | Pwn3D: Abusing 3D Models for Code Execution | ||
| Details | Website | 2024-11-03 | 0 | How Cyber Criminals Are Evading Antivirus Software | ||
| Details | Website | 2024-11-02 | 0 | Hiding in Plain Sight — The Role of White Hat Hackers in Open Source Security | ||
| Details | Website | 2024-11-01 | 2 | The importance of considering ISO/IEC 27034 in a Secure SDLC | ||
| Details | Website | 2024-11-01 | 3 | Metasploit Weekly Wrap-up 11/01/2024 | Rapid7 Blog | ||
| Details | Website | 2024-11-01 | 1 | LottieFiles Supply Chain Attack: Compromised npm Package Targets Cryptocurrency Wallets - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-11-01 | 2 | LottieFiles Supply Chain Attack: Compromised npm Package Targets Cryptocurrency Wallets | ||
| Details | Website | 2024-10-31 | 4 | Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024) | ||
| Details | Website | 2024-10-30 | 1 | JavaScript Security Vulnerabilities Unveiled: Insights from Sandworm Monitor | ||
| Details | Website | 2024-10-30 | 12 | “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack | ||
| Details | Website | 2024-10-28 | 1185 | US-CERT Vulnerability Summary for the Week of October 21, 2024 - RedPacket Security | ||
| Details | Website | 2024-10-28 | 26 | The SOS Intelligence CVE Chatter Weekly Top Ten - 28 October 2024 - SOS Intelligence | ||
| Details | Website | 2024-10-26 | 18 | AIO Web App Pentesting Checklist | ||
| Details | Website | 2024-10-24 | 2 | Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024) | ||
| Details | Website | 2024-10-24 | 3 | Angr CTF: Overcoming the “Not Enough Data for Store” Error | ||
| Details | Website | 2024-10-24 | 1 | CVE Alert: CVE-2024-48964 - RedPacket Security | ||
| Details | Website | 2024-10-24 | 1 | CVE Alert: CVE-2024-48963 - RedPacket Security | ||
| Details | Website | 2024-10-24 | 12 | Understanding the Initial Stages of Web Shell and VPN Threats An MXDR Analysis | ||
| Details | Website | 2024-10-23 | 1 | CISA Adds Critical Microsoft SharePoint Vulnerability (CVE-2024-38094) to Known Exploited Vulnerabilities Catalog | ||
| Details | Website | 2024-10-23 | 1 | CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094 |