GitHub - hasherezade/process_doppelganging: My implementation of enSilo'...

7 years ago

source link: https://github.com/hasherezade/process_doppelganging
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Process Doppelgänging

This is my implementation of the technique presented by enSilo:
https://www.youtube.com/watch?v=Cch8dvp836w

Characteristics:

Payload mapped as MEM_IMAGE (unnamed: not linked to any file)
Sections mapped with original access rights (no RWX)
Payload connected to PEB as the main module
Remote injection supported (but only into a newly created process)
Process is created from an unnamed module (GetProcessImageFileName returns empty string)

WARNING:
The 32bit version works on 32bit system only.

Recommend

112

Github github.com 7 years ago
Cache

GitHub - hasherezade/pe-sieve: Scans a given process, searching for the modules...

README.md PE-sieve

Github github.com 5 years ago
Cache

GitHub - hasherezade/module_overloading: A more stealthy variant of "DLL ho...

README.md Module Overloading

3gstudent.github.io 4 years ago
Cache

Process Doppelganging利用介绍

0x00 前言在最近的BlackHat Europe 2017，Tal Liberman和Eugene Kogan介绍了一种新的代码注入技术——Process Doppelgänging 据说这种利用方式支持所有Windows系统，能够绕过绝大多数安全产品的检测于是，本文将要...

Github github.com 3 years ago
Cache

Github GitHub - hasherezade/process_ghosting: Process Ghosting - a PE injection...

Process Ghosting This is my implementation of the technique presented by Gabriel Landau:

www.producthunt.com 3 years ago
Cache

Customer onboarding & implementation SaaS for success teams

Customer onboarding & implementation SaaS for success teamsOnboard helps customer-focused teams automate, manage, & streamline their customer onboarding process.

dev.to 3 years ago
Cache

Process & Thread Synchronisation

Introduction Linux is a multitasking operating system, which means that many different processes can be running all while at the same time. This document will investigate how Linux manages processes in terms...

www.dave-beaumont.co.uk 3 years ago
Cache

The benefits & implementation of the 'Options Pattern' in ASP.NET Core - Dav...

The benefits & implementation of the ‘Options Pattern’ in ASP.NET Core As developers...

www.geeksforgeeks.org 2 years ago
Cache

K Fold Cross-Validation & it's Implementation | Machine Learning

K Fold Cross-Validation & it's ImplementationK Fold Cross-Validation & it's Implementation | Machine LearningHello everyone, welcome to the session.

fintechranking.com 2 years ago
Cache

Food & Beverage Point of Sales System Implementation

The food and beverage industry is one that continues to evolve, requiring businesses to adopt new technologies in order to remain competitive and streamline their operations. One such technological advancement that has become indispensable for mod...

sod.pixlab.io 1 year ago
Cache

Modern Image Processing Algorithms Overview & Implementation in C

Modern Image Processing Algorithms Overview & Implementation in C Image processing plays a crucial role in numerous fields, ranging from computer vision and medical imaging to surveillance syst...

GitHub - hasherezade/process_doppelganging: My implementation of enSilo&#39;...

Process Doppelgänging

Characteristics:

Recommend

About Joyk

GitHub - hasherezade/process_doppelganging: My implementation of enSilo'...