Acknowledgement
This research was carried out with the support of the Ministry of Trade, Industry and Energy (MOTIE) and the Korea Institute of Energy Technology Evaluation and Planning (KETEP). (No. 20171510102080)