Injection

Injection represents a sophisticated class of exploitation techniques within the "Deepening Control" phase, specifically employed for Defense Evasion. In this attack vector, malicious actors introduce unexpected input or code into an application's processing flow to manipulate the underlying system into executing unauthorized commands. This includes methods such as SQL injection, command injection, LDAP injection, NoSQL injection, and more advanced variants like cross-site scripting (XSS) when targeting web applications. Unlike basic exploitation that focuses on initial access, injection during the deepening control phase specifically aims to bypass established security controls, maintain persistence, and elevate privileges without triggering detection mechanisms. Attackers leverage these techniques to manipulate input validation flaws, parser vulnerabilities, and interpreter weaknesses to inject malformed data that gets processed as legitimate commands, allowing them to evade defensive measures like WAFs, IDS/IPS systems, and application sandboxes. The effectiveness of injection at this stage stems from its ability to execute within the context of authenticated sessions or trusted processes, making it particularly challenging to detect through standard security monitoring.