Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7)

Randomizing the base (start) address of one or more segments of memory during the initialization of a process.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | 1 |
| Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36) | Attack Pattern | Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | 1 |
| Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) | Attack Pattern | 1 |
| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | 1 |
| Mavinject - T1218.013 (1bae753e-8e52-4055-a66d-2ead90303ca9) | Attack Pattern | Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | 1 |
| Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) | Attack Pattern | Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | 1 |
| Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) | Attack Pattern | 1 |
| Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) | Attack Pattern | Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | 1 |
| Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) | Attack Pattern | Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | 1 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | 1 |
| Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) | Attack Pattern | 1 |
| Segment Address Offset Randomization (16bb3607-f4a0-543e-9d1f-d5e0792b35d7) | MITRE D3FEND | Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) | Attack Pattern | 1 |
| Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | 2 |
| Mavinject - T1218.013 (1bae753e-8e52-4055-a66d-2ead90303ca9) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
| Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) | Attack Pattern | Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | 2 |