Process injection is a method of executing arbitrary code in the address space of a separate live process.

Found a string that may be used as part of an injection method

Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with.

Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand.

Windows Management Instrumentation (WMI) is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components.

Found a reference to a WMI query string known to be used for VM detection

On Linux and Apple systems, multiple methods are supported for creating pre-scheduled and periodic background jobs: cron,Die.

Found an indicator for a scheduled task trigger