Adversaries may abuse inter-process communication (IPC) mechanisms for local code or command execution. IPC is typically used by processes to share data, communicate with each other, or synchronize execution. IPC is also commonly used to avoid situations such as deadlocks, which occur when processes are stuck in a cyclic waiting pattern.
Adversaries may abuse IPC to execute arbitrary code or commands. IPC mechanisms may differ depending on OS, but typically exist in a form accessible through programming languages/libraries or native interfaces such as Windows Dynamic Data Exchange or Component Object Model. Higher level execution mediums, such as those of Command and Scripting Interpreters, may also leverage underlying IPC mechanisms.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
azure_defender_for_app_service | Azure Defender for App Service | technique_scores | T1559 | Inter-Process Communication | Comments: This control's Fileless Attack Detection covers the command execution aspects of both of this technique's sub-techniques. Detection is periodic at an unknown rate. |

Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1559.001 | Component Object Model | 14 |
T1559.002 | Dynamic Data Exchange | 15 |