Defense

MITRE ATT&CK

MITRE ATT&CK - Signed Binary Proxy Execution

Notion: https://oval-taste-7e9.notion.site/Signed-Binary-Proxy-Execution-5762c9f05e144616a0178ff8013278b6

1. Signed Binary Proxy Execution Sub-Techniques

Sub-techniques
T1218.001 - Compiled HTML File
T1218.002 - Control Panel
T1218.003 - CMSTP (Microsoft Connection Manager Profile Installer)
T1218.004 - InstallUtil
T1218.005 - Mshta (Microsoft HTML Application)
T1218.0..

MITRE ATT&CK

MITRE ATT&CK - Process Injection

Notion: https://oval-taste-7e9.notion.site/Process-Injection-02685376049140bdabcfc82ff562331c

S1. Get Target Process Handle
Create a new process or obtain a handle to a running process
CreateProcess / OpenProcess
svchost.exe, rundll32.exe, ...

S2. Alloc Virtual Address Memory for Target Process
Allocate a new memory region (space for DLL insertion) in the target process's virtual address space
Depending on the situation, token privileges must be enabled
SeDebugPrivilege
OpenProcessToken
LookupPrivilegeValue
AdjustTokenPrivi..

a2sembly
List of posts tagged 'Defense'