Abstract: One of the most useful techniques hunt teams can use for detecting anomalous activity is the analysis of parent-child process relationships. However, more capable adversaries can bypass this using Parent PID Spoofing, which allows a malicious process to be executed from an arbitrary parent process. While it’s not a new technique, having been covered by…