PE-sieve, a command line tool for investigating inline hooks

PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade.


Process Doppelgänging: a more stealth alternative of the process hollowing technique?

Recently, at the Black Hat Europe conference, Tal Liberman and Eugene Kogan (enSilo lab) presented a new code injection technique called “Process Doppelgänging”, which works on all Windows versions and seems to be able to bypass most of today’s major security products.
