Security researchers from endpoint security firm enSilo discovered a new evasion technique dubbed Process Doppelgänging, which works with all versions of Windows and can evade well-known security products and forensics tools.
Process Doppelgänging was introduced at Black Hat Europe 2017. With it, the researchers load and execute arbitrary code as though it were a legitimate process. It is similar to Process Hollowing, but it uses NTFS transactions.
READ MORE: GBHackers On Security