What modifications to process hollowing and more modern alternatives?

3c2n90yt57489t3y8794 · 18.12.2023

Hello,
1) what are some more modern methods than process hollowing to run executable in memory?
2) what are the most common modification applied to process hollowing to make it undetectable to modern antivirus? (masking api calls with ntdll alterntives? what else is used?)

salsa20 · 19.12.2023

3c2n90yt57489t3y8794 сказал(а):

Hello,
1) what are some more modern methods than process hollowing to run executable in memory?
2) what are the most common modification applied to process hollowing to make it undetectable to modern antivirus? (masking api calls with ntdll alterntives? what else is used?)

1) There are several modern methods to run executables in memory, some of whic - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com

Kernel32dll · 23.12.2023

n1k7 · 20.05.2024

Более неиспользуемыми, чем пустые процессы, являются герпадерпли, призрачные пустоты и транзакционные пустоты.

Ниже я привел пример POC:

GitHub - Hagrid29/herpaderply_hollowing: Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping

Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping - Hagrid29/herpaderply_hollowing

github.com

What modifications to process hollowing and more modern alternatives?

3c2n90yt57489t3y8794

RAID-массив

salsa20

(L2) cache

1) There are several modern methods to run executables in memory, some of whic - Pastebin.com

Kernel32dll

(L3) cache

n1k7

Read, learn and stay hard.

GitHub - Hagrid29/herpaderply_hollowing: Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping