CAPEC-30: Hijacking a Privileged Thread of Execution

Abstraction: Standard
Status: Draft
Likelihood: Low
Severity: Very High

Description

An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privileged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.

Related weaknesses· 1

CWE-270

MITRE ATT&CK crosswalk· 1

T1055.003: Process Injection: Thread Execution Hijacking

Related attack patterns· 1

CAPEC-233 (ChildOf)

Exploits· 1

Type | Target | Confidence | Tier
Weakness | Privilege Context Switching Error (cwe-270) | 100% | live

Related to· 1

Type | Target | Confidence | Tier
SubTechnique | Thread Execution Hijacking (t1055.003) | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Hijacking a privileged process
Sub-technique: Thread Execution Hijacking
CAPEC: Inclusion of Code in Existing Process
CAPEC: Target Programs with Elevated Privileges
CAPEC: Escaping Virtualization
CAPEC: Privilege Abuse

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.