Security audit events explained

The Security Audit report shows the events detected by the Advanced Anti-Exploit module, grouped under the following categories:

Exploit - ROP

This category covers detections by the following exploit techniques:

  • ROP Emulation

  • ROP Stack Pivot

  • ROP Illegal call

  • ROP Stack Misaligned

  • ROP Return To Stack

  • ROP Make Stack Executable

  • ROP Create Thread

Exploit - Flash

This category covers detections by the following exploit techniques:

  • Flash Generic

  • Flash Payload

Exploit - Shellcode

This category covers detections by the following exploit techniques:

  • Shellcode Execution

  • Shellcode LoadLibrary

Exploit - Process Creation

This category covers detections by the following exploit techniques:

  • Obsolete Process Creation

  • Child Process Creation

Exploit - System

This category covers detections by the following exploit techniques:

  • Privilege Escalation

  • LSASS memory access

Exploit - Others

This category covers detections by the following exploit techniques:

  • Anti-Detour

  • Anti-Meterpreter