Johnny Shaw demonstrated a defense evasion technique known as process herpaderping in which an attacker is able to inject malicious code into the mapped memory
Eugene Kogan and Tal Liberman presented a technique for defense evasion called “Process Doppelganging” at Black Hat EU 2017 which can be found here and a
In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware campaigns
According to MITRE, “Adversaries can use the COM system to insert malicious code that executes in place of legitimate software by hijacking COM references and
During Red Team assessments, after an attacker has compromised a system, they often move laterally through the network, gaining more relevant information on other systems.
Parent PID spoofing is an access token manipulation technique that helps an attacker evade defense mechanisms such as heuristic detection by spoofing the PPID of
According to MITRE, adversaries often use Windows persistence techniques such as shortcut modification to maintain access or escalate privileges. Consequently, in this blog, we explore
Gabriel Landau released a post on Elastic Security here which talks about a technique through which antivirus evasion was found to be possible. The technique
An attacker can exploit Windows Task Scheduler to schedule malicious programs for initial or recurrent execution. For persistence, the attacker typically uses Windows Task Scheduler