使用内核回调表进程注入 | CTF导航
Tags
| cmtmf-attack-pattern: | Process Injection |
| attack-pattern: | Kernelcallbacktable - T1574.013 Process Injection - T1631 Reflective Code Loading - T1620 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | e5f77af5-096a-43a7-b675-5bb6c4be5d59 |
| Fingerprint | 8ddda4c8a846dc08 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Nov. 10, 2024, midnight |
| Added to db | Nov. 12, 2024, 3:50 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | 使用内核回调表进程注入 |
| Title | 使用内核回调表进程注入 | CTF导航 |
| Detected Hints/Tags/Attributes | 21/2/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.ctfiot.com/215133.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | jentletao.top |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 1 | 这是在user32.dll |
|
| Details | File | 2 | 当user32.dll |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 1 | 会将ntdll.dll |
|
| Details | File | 33 | c:\windows\system32\notepad.exe |
|
| Details | File | 1 | helper.asm |
|
| Details | Github username | 1 | 0xhossam |
|
| Details | Url | 1 | https://github.com/0xhossam/kernelcallbacktable-injection-poc |
|
| Details | Url | 1 | https://jentletao.top/2024/11/12/使用内核回调表进程注入/https://jentletao.top |