Monitors specific registry key for changes Queries the internet cache settings (often used to hide footprints in index.dat or internet cache) Process injection is a method of executing arbitrary code in the address space of a separate live process.Īdversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. ![]() Opens the Kernel Security Device Driver (KsecDD) of Windows Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand. ![]() Installs hooks/patches the running process Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |