Trusted Developer Utilities Proxy Execution (T1127)

View on ATT&CK

In Playbook

Technique & Subtechniques

Associated Tactics

  • Defense Evasion

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Graeber, M. (2016, August 15). Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner. Retrieved May 26, 2017. Exploit Monday WinDbg
LOLBAS. (n.d.). Tracker.exe. Retrieved July 31, 2019. LOLBAS Tracker
Nelson, M. (2016, November 21). Bypassing Application Whitelisting By Using rcsi.exe. Retrieved May 26, 2017. engima0x3 RCSI Bypass
Nelson, M. (2017, November 17). Bypassing Application Whitelisting By Using dnx.exe. Retrieved May 25, 2017. engima0x3 DNX Bypass