My experiments with ProcessDoppelganging - running a PE from any file

The funny thing about ProcessDoppelganging is that the initially mapped file does not even have to be a PE. Check the code:
https://github.com/hasherezade/proces...
Compiled versions: https://github.com/hasherezade/proces...
---
The original ProcessDoppelganging technique was presented by enSilo at BlackHat: https://www.youtube.com/watch?v=Cch8d...

Reviewed by Anonymous on January 15, 2018
