Chains
TTPs
Blog
Login
Prelude TTP browser
Process injection via UserAPC Queuing
Tactic:
Defense-evasion
Professional
This is a professional level chain. This TTP requires an professional license to use.
This TTP will launch a notepad process and queue a user-mode asynchronous procedure call, that should launch calc.exe when the thread is resumed.
View Command
To view this TTPs command, you must be logged in with a professional or enterprise license.
Login
Authors
bartimus
Tactic
Defense-evasion
Test this TTP
Download Operator (1.7.1)