Picky PPID Spoofing
Parent Process ID (PPID) Spoofing is one of the techniques employed by malware authors to blend in the target system. This is done by making the malicious process look like it was spawned by another process. This helps evade detections that are based on anomalous parent-child process relationships.
https://capt-meelo.github.io//redteam/maldev/2021/11/22/picky-ppid-spoofing.html
#pid #spoofing #redteam #maldev #malware
Parent Process ID (PPID) Spoofing is one of the techniques employed by malware authors to blend in the target system. This is done by making the malicious process look like it was spawned by another process. This helps evade detections that are based on anomalous parent-child process relationships.
https://capt-meelo.github.io//redteam/maldev/2021/11/22/picky-ppid-spoofing.html
#pid #spoofing #redteam #maldev #malware
Hack.Learn.Share
Picky PPID Spoofing
Performing PPID Spoofing by targeting a parent process with a specific integrity level.
🎭 Spoofing Call Stacks To Confuse EDRs
The article focuses on techniques for call stack spoofing to bypass detection by EDR. It explains how to fake call stacks during Windows API interactions to mask malicious activity, such as accessing the lsass process, as legitimate operations. The text details the mechanics of call stacks in the x64 architecture, the use of unwind codes, tools for analysis, and provides a PoC implementation demonstrating call stack spoofing in practice.
🔗 Research:
https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs
🔗 Source:
https://github.com/WithSecureLabs/CallStackSpoofer
#edr #evasion #stack #spoofing #lsass
The article focuses on techniques for call stack spoofing to bypass detection by EDR. It explains how to fake call stacks during Windows API interactions to mask malicious activity, such as accessing the lsass process, as legitimate operations. The text details the mechanics of call stacks in the x64 architecture, the use of unwind codes, tools for analysis, and provides a PoC implementation demonstrating call stack spoofing in practice.
🔗 Research:
https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs
🔗 Source:
https://github.com/WithSecureLabs/CallStackSpoofer
#edr #evasion #stack #spoofing #lsass
🔥12❤2