SynAck ransomware circumvents antivirus software through Doppelgänging technique

(8.5.2018) Process Doppelgänging was first revealed by enSilo researchers at Black Hat Europe in December last year.

The attack technique targets the Microsoft Windows operating system and is designed to circumvent traditional security software and antivirus solutions by exploiting how they interact with memory processes.

Lost in Transaction: Process Doppelgänging

• Advanced Code Injections Overview
• GhostWriting
• AtomBombing
• PowerLoader + PowerLoaderEx
• PROPagate
• Reflective Loading
• Process Hollowing
• Injection method from over 10 years ago
• Has never received much attention
• Brief history of evasion techniques
• AV scanners
• Transacted NTFS (TxF)
• Evolution of Windows process loader

Microsoft’s Response to AtomBombing is Post-Infection Detection

(21.7.2017) The Microsoft update that addresses both “Process Hollowing” and “AtomBombing” will be available only to customers who have purchased Windows Defender ATP, and not before October or November 2017. Windows Defender ATP has been addressing security issues for less than a year, and Windows customers have to pay for it separately.

CPU Utilization Is Wrong on PCs, and Getting Worse Every Year

But the takeaway is this: CPU utilization, as reported by Windows, is often incorrect. All too often, what looks like CPU usage is actually a stalled CPU waiting to do something useful.

Microsoft’s Windows 7 Meltdown update granted access to all data in memory

“Windows 7 already did the hard work of mapping in the required memory into every running process,” Frisk states. “Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or system calls required — just standard read and write!”