Process Doppelgänging: a more stealth alternative of the process hollowing technique?

Recently, at the Black Hat Europe conference, Tal Liberman and Eugene Kogan (enSilo lab) presented a new code injection technique called “Process Doppelgänging”, which works on all Windows versions and appears able to bypass most of today’s major security products.


Fileless Malware for Dummies

Just some random thoughts about this kind of threat

Some days ago, a non-technical friend asked me for some information about ‘fileless malware’.

It has been pretty difficult to explain this concept to a person lacking proper security knowledge, so I have made a recap of this talk in a brief article “4Dummies”.
