How “Process Ghosting” works

The Elastic Security team recently revealed a new malware obfuscation and evasion technique called Process Ghosting, which allows tampering with the in-memory mappings of executable files on Microsoft Windows. The technique [1] is an evolution of already known attack methods such as Process Doppelgänging and Process Herpaderping, and could potentially allow malware writers to […]

The post How “Process Ghosting” works first appeared on Andrea Fortuna.

Article Link: https://www.andreafortuna.org/2021/06/20/how-process-ghosting-works/