Don’t despair: You can stop common exploit techniques

July 21, 2021
  • Process hollowing starts a new instance of a trusted executable, such as explorer.exe or svchost.exe, in a suspended state, unmaps (hollows out) its legitimate image from memory, writes the attacker's code in its place and then resumes the process so that it runs the payload. Because the code executes under the name and on-disk path of a legitimate binary, it evades security products that trust a process based on its image alone.
  • Early Bird code injection takes advantage of the order in which a new process's main thread is initialized. The attacker creates a process in a suspended state, writes the payload into it and queues an asynchronous procedure call (APC) against the still-suspended main thread; when the thread is resumed, the APC runs during thread initialization, before the program's entry point and before many security solutions have installed their user-mode hooks, so the malware acts undetected.
  • An asynchronous procedure call (APC) is a Windows mechanism for queuing a function to run on a particular thread the next time that thread enters an alertable wait, redirecting it from its normal execution path. An attacker who can write code into another process (for example, with WriteProcessMemory) can queue an APC pointing at that code with QueueUserAPC, so the target's own thread executes the payload without a new remote thread ever being created.
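All three techniques above leave the same small set of cross-process operations in telemetry: a suspended process creation, a remote memory write, an unmap or thread-context change, an APC being queued, and a thread resume. The example below, added here and not code from the original post or from any vendor product, correlates those operations per (caller, target) pair and labels the sequence as hollowing, Early Bird or plain APC injection. The `Event` schema and the sample event list are constructed for illustration (a real sensor such as ETW or Sysmon does not expose these API calls one-to-one), but the API names and the `CREATE_SUSPENDED` flag value are the real Windows ones.

```python
"""Correlate process-creation and memory-write telemetry into the three
injection patterns described above.  Added example; the Event shape is a
hypothetical, simplified telemetry record, not a real EDR or Sysmon schema."""
from collections import defaultdict
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # documented CreateProcess creation flag


@dataclass
class Event:
    ts: int          # monotonic sequence number (hypothetical field)
    api: str         # Windows API the caller invoked
    pid: int         # calling process
    target: int      # process acted upon (child or injection target)
    flags: int = 0   # creation flags, only meaningful for CreateProcess


def classify(events):
    """Return a list of (technique, attacker_pid, target_pid) findings."""
    seen = defaultdict(set)   # (caller, target) -> steps observed so far
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.pid, ev.target)
        steps = seen[key]
        if ev.api == "CreateProcess" and ev.flags & CREATE_SUSPENDED:
            steps.add("suspended_create")
        elif ev.api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            steps.add("remote_write")
        elif ev.api == "NtUnmapViewOfSection":
            steps.add("unmap")
        elif ev.api in ("SetThreadContext", "NtSetContextThread"):
            steps.add("set_context")
        elif ev.api in ("QueueUserAPC", "NtQueueApcThread"):
            steps.add("queue_apc")
            # An APC queued into a process the caller did not create and
            # suspend, after writing into it, is classic APC injection.
            if "suspended_create" not in steps and "remote_write" in steps:
                findings.append(("apc_injection", ev.pid, ev.target))
        elif ev.api == "ResumeThread":
            # The suspended-create variants only become live on resume.
            if "suspended_create" in steps and "remote_write" in steps:
                if "set_context" in steps or "unmap" in steps:
                    findings.append(("process_hollowing", ev.pid, ev.target))
                elif "queue_apc" in steps:
                    findings.append(("early_bird", ev.pid, ev.target))
            seen.pop(key, None)   # sequence closed; forget the state
    return findings


# Constructed sample telemetry covering each technique plus one benign case.
SAMPLE = [
    # Hollowing: 100 spawns 200 suspended, unmaps, writes, sets context, resumes
    Event(1, "CreateProcess", 100, 200, CREATE_SUSPENDED),
    Event(2, "NtUnmapViewOfSection", 100, 200),
    Event(3, "WriteProcessMemory", 100, 200),
    Event(4, "SetThreadContext", 100, 200),
    Event(5, "ResumeThread", 100, 200),
    # Early Bird: 300 spawns 400 suspended, writes, queues an APC, resumes
    Event(6, "CreateProcess", 300, 400, CREATE_SUSPENDED),
    Event(7, "WriteProcessMemory", 300, 400),
    Event(8, "QueueUserAPC", 300, 400),
    Event(9, "ResumeThread", 300, 400),
    # APC injection into an already-running process 500 by 600
    Event(10, "WriteProcessMemory", 600, 500),
    Event(11, "QueueUserAPC", 600, 500),
    # Benign: a debugger-style suspended create followed directly by resume
    Event(12, "CreateProcess", 700, 800, CREATE_SUSPENDED),
    Event(13, "ResumeThread", 700, 800),
]

if __name__ == "__main__":
    for technique, attacker, target in classify(SAMPLE):
        print(f"{technique}: pid {attacker} -> pid {target}")
```

The benign case at the end is the point of keying on the whole sequence rather than on any single call: creating a child suspended is normal for debuggers and some launchers, and a remote write alone is normal for some instrumentation, so the rule only fires when a write is combined with the resume, context change or APC that actually transfers control.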
