In this talk, we will cover hiding techniques that prevent executable pages (containing injected code) from being reported by current memory forensic plugins. These techniques can either be implemented by malware in order to hide its injected code (as already observed) or can, in one case, unintentionally be taken care of by the operating system through its paging mechanism.

By Frank Block

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...