> Windows Syscalls

← Back to ATT&CK index

T1574.005sub-technique

Hijack Execution Flow: Executable Installer File Permissions Weakness

View on attack.mitre.org →

1 syscalls implement this technique

NtFsControlFile
Sends FSCTL codes to a filesystem — used to plant reparse points, access ADS, and abuse junction traversal.