Archive

16.05.2018 - 14:17 [ zdnet.com ]

SynAck ransomware circumvents antivirus software through Doppelgänging technique

(8.5.2018) Process Doppelgänging was first revealed by enSilo researchers at Black Hat Europe in December last year.

The attack technique targets the Microsoft Windows operating system and is designed to circumvent traditional security software and antivirus solutions by exploiting how they interact with memory processes.

16.05.2018 - 13:57 [ blackhat.com ]

Lost in Transaction: Process Doppelgänging

(4-7.12.2017)
• Advanced Code Injections Overview
• GhostWriting
• AtomBombing
• PowerLoader + PowerLoaderEx
• PROPagate
•…
• Reflective Loading
• Process Hollowing
• Injection method from over 10 years ago
• Has never received much attention

(…)

• Brief history of evasion techniques
• AV scanners
• Transacted NTFS (TxF)
• Evolution of Windows process loader