I've been reading about https://attack.mitre.org/techniques/T1546/012/
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by Image File Execution Options (IFEO) debuggers. IFEOs enable a developer to attach a debugger to an application. When a process is created, a debugger present in an application's IFEO will be prepended to the application's name, effectively launching the new process under the debugger.
e.g.,
C:\dbg\ntsd.exe -g notepad.exe
A few questions:
Can adversaries execute malware undetected using this technique?
e.g.
C:\dbg\ntsd.exe -g malware.exe
If yes, does that mean that ntsd.exe poses a risk and should be blocked?
I would like to test this, but how do I get ntsd.exe? I don't see this in MS Windows.
from hacking: security in practice https://ift.tt/3CPcHEB
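The defender-side check for the technique the post asks about is to audit the registry location IFEO debuggers are configured in. The following PowerShell is an added example, not code from the post or from the MITRE page; it assumes it is run in an elevated PowerShell session on the host being audited, and the two registry roots and the Debugger value name are the standard IFEO locations rather than anything taken from the post.

```powershell
# Added example: list every IFEO "Debugger" value on this host.
# A non-empty result means some executable is silently launched under another
# program at process creation (T1546.012); on anything other than a developer
# box that is worth investigating.
# Assumption: run elevated so both HKLM roots are readable.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        # Each subkey is named after the target executable (e.g. notepad.exe).
        foreach ($sub in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $props -and $null -ne $props.Debugger) {
                [pscustomobject]@{
                    Target   = $sub.PSChildName   # executable the IFEO applies to
                    Debugger = $props.Debugger    # command line prepended at launch
                    Hive     = $root
                }
            }
        }
    }
}

$hits = @(Get-IfeoDebugger)
if ($hits.Count -eq 0) {
    Write-Output 'No IFEO Debugger values set.'
} else {
    Write-Output ("{0} IFEO Debugger value(s) found:" -f $hits.Count)
    $hits | Format-Table -AutoSize
}
```

For continuous detection rather than a one-off audit, the same key can be watched with Sysmon Event ID 13 (registry value set) filtered on a TargetObject ending in `\Image File Execution Options\*\Debugger`, which catches the value being written regardless of which debugger binary is named.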