Detectsubtechnique

D3-MBTMemory Boundary Tracking

Definition

Analyzing a call stack for return addresses which point to unexpected memory locations.

Defends against7

TypeTargetConfidenceTier
SubTechniqueCredential API Hookingt1056.004100%live
TechniqueExploitation for Credential Accesst1212100%live
TechniqueExploitation for Defense Evasiont1211100%live
TechniqueExploitation for Client Executiont1203100%live
TechniqueExploitation of Remote Servicest1210100%live
SubTechniqueProcess Hollowingt1055.012100%live
TechniqueExploitation for Privilege Escalationt1068100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence
Memory Block Start Validation
Defence
Control Flow Integrity
Defence
Shadow Stack Comparisons
Defence
Firmware Behavior Analysis
Defence
System Call Analysis
Defence
Indirect Branch Call Analysis
Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.