PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade.
Tag: Process Hollowing
Recently at Black Hat Europe conference, Tal Liberman and Eugene Kogan (enSilo lab) presented a a new code injection technique called “Process Doppelgänging”, that works on all Windows versions and seems to be able to bypass most of today’s major security products.
About the “Process Hollowing” i have already written some posts (like this). However, i’ve never published any practical example. So, today i want to quote this interesting article where Tigzy explains the process hollowing with a brief code snippet. in wich the process hollowing is explained with a brief code snippet. A brief recap: what […]