What technique allows attackers to inject malicious code directly from the Windows registry through a legitimate system process, bypassing UAC and other controls?

Multiple Choice

Explanation:
This technique centers on using the Windows registry to hijack how a legitimate system process runs code. By editing registry keys that control startup and loaded components, an attacker can point a trusted process to execute malicious code or load a malicious DLL. Because the code runs within a trusted, legitimate process, it inherits that process’s privileges, which often means no UAC prompt or other user-facing controls appear. This makes the attack stealthy and effective for persistence, since the malicious code is triggered by configurations the system already trusts.

For example, registry keys that auto-launch programs at logon or modify where a process looks for its components can be abused to have Windows execute attacker-controlled code whenever the process starts. This contrasts with memory code injection, which happens inside a running process’s memory rather than through registry-driven startup or load paths. It also helps explain why a broad label like “malware persistence” is less precise than naming the registry-based hijacking technique, and “legitimate applications” is not an attack method at all.
