Tag: Pid spoofing

A Real World Adversary Labs

Access Token Manipulation: Parent PID Spoofing

Abstract: One of the most useful techniques hunt teams can use for detecting anomalous activity is the analysis of parent-child process relationships. However, more capable adversaries can bypass this using Parent PID Spoofing, which allows a malicious process to be executed from an arbitrary parent process. While it’s not a new technique, having been covered by…