| ID | B0037 |
| Objective(s) | Defense Evasion |
| Related ATT&CK Techniques | None |
| Version | 2.2 |
| Created | 14 August 2020 |
| Last Modified | 28 April 2024 |
Malware may bypass Data Execution Prevention (DEP).
| Name | ID | Description |
|---|---|---|
| ROP Chains | B0037.001 | Return-Oriented Programming can be used to bypass DEP. It can also be used to bypass code signing. [1] |
| Tool: CAPE | Mapping | APIs |
|---|---|---|
| dep_bypass | Bypass Data Execution Prevention (B0037) | VirtualProtectEx, NtProtectVirtualMemory |
[1] https://medium.com/cybersecurityservices/dep-bypass-using-rop-chains-garima-chopra-e8b3361e50ce