Skip Navigation
Get a Demo
 
Share
 
 
 
 
 
 
 
 
 

Technique T1574

Hijack Execution Flow

This is Hijack Execution Flow’s first appearance in the Threat Detection Report, and its prevalence is due to threats leveraging its DLL Search Order Hijacking sub-technique, which made the list in 2020.

#10

Technique rank

8.4%

Organizations affected

859

Confirmed threats
Prevalent Sub-techniques
T1574.001
DLL Search Order Hijacking
DLL Search Order Hijacking
Arrow Icon

#5

Sub-technique rank

7.8%

organizations affected

846

confirmed threats

Ranking fifth among sub-techniques, DLL Search Order Hijacking is popular among adversaries because it allows them to introduce malicious binaries in a way that can be exceedingly difficult to detect.

SEE MORE

Definition

T1036: Masquerading
"Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names."
Match Legitimate Name or Location
DLL Search Order Hijacking
 

See what it's like to have a security ally.

Experience the difference between a sense of security and actual security.
Get a Demo
 
 
 
 
Back to Top