Github GitHub - hasherezade/process_ghosting: Process Ghosting - a PE injection...

3 years ago

source link: https://github.com/hasherezade/process_ghosting
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Process Ghosting

This is my implementation of the technique presented by Gabriel Landau:
https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack

Characteristics:

Memory artifacts as in Process Doppelgänging
Payload mapped as MEM_IMAGE (unnamed: not linked to any file)
Sections mapped with original access rights (no RWX)
Payload connected to PEB as the main module
Remote injection supported (but only into a newly created process)
Process is created from an unnamed module (GetProcessImageFileName returns empty string)

WARNING:
The 32bit version works on 32bit system only.

Recommend

Github github.com 7 years ago
Cache

GitHub - hasherezade/process_doppelganging: My implementation of enSilo'...

Process Doppelgänging This is my implementation of the technique presented by enSilo: https://www.youtube.com/watch?v=Cch8dvp836w Characteristics:

112

Github github.com 7 years ago
Cache

GitHub - hasherezade/pe-sieve: Scans a given process, searching for the modules...

README.md PE-sieve

crewnecksandsnapbacks.com 5 years ago
Cache

Newest iOS update to feature “anti-ghosting” software.

Apple, the security guru company, is introducing a brand new feature with the release of its next software update. Currently, users are able to enable the option to be notified when someone reads their messages. Apple will now notify the recip...

Github github.com 5 years ago
Cache

GitHub - hasherezade/module_overloading: A more stealthy variant of "DLL ho...

README.md Module Overloading

landing.coolermaster.com 4 years ago
Cache

Anti-Ghosting

Ghosting Ghosting occurs when an unintended signal/character is sent due to the maximum number of simultaneous key presses being reached....

rachelbythebay.com 4 years ago
Cache

"Kicking over" and "ghosting over" customer drives

"Kicking over" and "ghosting over" customer drives Once you see the same problem happen a few times, you should start thinking of things that can be done to make it disappear. If there are a lot of problems, you might have to han...

forums.macrumors.com 4 years ago
Cache

Is this lens flare (ghosting) effect normal? | MacRumors Forums

iPhone 12 Pro Is this lens flare (ghosting) effect normal? ...

toptech.news 4 years ago
Cache

Sigma Has Fixed 28-70mm Ghosting Issues, Will Replace Affected Units

toptech.news 4 years ago
Cache

Sigma has fixed ghosting issues with its 28-70mm F2.8 DG DN lens, is replacing a...

Sigma has fixed ghosting issues with its 28-70mm F2.8 DG DN lens, is replacing affected lenses Back in March, Sigma iss...

index.medium.com 3 years ago
Cache

Ghosting Is A Tedious Trend. The Real Demon Is More Dangerous

CORPORATE GLOSSARYGhosting Is A Tedious Trend. The Real Demon Is More DangerousYou'll never look at your work the same way again

Github GitHub - hasherezade/process_ghosting: Process Ghosting - a PE injection...

Process Ghosting

Characteristics:

Recommend

About Joyk