Doppelgänging introduced in BLACKHAT EUROPE 2017, with Doppelgänging they load and execute an arbitrary as, like a legitimate process, it is similar to Process Hollowing, but it uses NTFS Transactions.
READ MORE: GBHackers On Security
Friday, December 8, 2017
Process Doppelgänging Attack Works on all version of Windows Evade AV products and Forensics tools
Doppelgänging introduced in BLACKHAT EUROPE 2017, with Doppelgänging they load and execute an arbitrary as, like a legitimate process, it is similar to Process Hollowing, but it uses NTFS Transactions.
READ MORE: GBHackers On Security
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment