![]() Queries the display settings of system associated file extensionsĪdversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection. Reads information about supported languages Process injection is a method of executing arbitrary code in the address space of a separate live process.Īdversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in Persistence and Execution.Īdversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. Installs hooks/patches the running process Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. Uses powershell with an encoded commandlineĬommand-line interfaces provide a way of interacting with computer systems and is a common feature across many types of operating system platforms. Uses powershell with a windows hidden commandline param ![]() PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Įxecutes powershell requesting to bypass execution policy
0 Comments
Leave a Reply. |