capa-rules icon indicating copy to clipboard operation
capa-rules copied to clipboard

Published 20 hours ago verified publisher icon mandiant

Create and open section

Open mr-tz opened this issue 4 years ago • 1 comments

NtCreateSection, ZwCreateSection, NtOpenSection, ZwOpenSection

  • https://ired.team/offensive-security/code-injection-process-injection/ntcreatesection-+-ntmapviewofsection-code-injection
  • https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/

mr-tz avatar Jun 25 '20 13:06 mr-tz

Please let me help you with that.

johnk3r avatar Mar 26 '21 14:03 johnk3r