- Queries disc information (often used to evade virtual machines)
- The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
- Contains ability to query the machine timezone
- Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.
- Tries to obtain the highest possible privilege level without UAC dialog
- Adversaries can use methods of capturing user input for obtaining credentials and information, including keylogging and user input field interception.
- Contains ability to retrieve keyboard strokes
- Windows User Account Control (UAC) allows a program to elevate its privileges to perform a task under administrator-level permissions by prompting the user for confirmation.
- Installs hooks/patches the running process
- Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.
- Opens the Kernel Security Device Driver (KsecDD) of Windows
- Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand.
- Interacts with the primary disk partition (DR0)
- Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager.
- A bootkit is a malware variant that modifies the boot sectors of a hard drive, including the Master Boot Record (MBR) and Volume Boot Record (VBR).