Search For Content
Search Result
2 item(s) found so far for this keyword.
Hide Artifacts: Process Argument Spoofing
![Defense Evasion [Mitre] icon](/media/2024/04/08/icons8-burglar.svg){kind=small}
Adversaries may attempt to hide process command-line arguments by overwriting process memory. Process command-line arguments are stored in the process environment block (PEB), a data structure used by Windows to store various information about/used by a process. The PEB includes the process command-line arguments that are referenced when executing the process. When a process is created, defensive tools/sensors that monitor …
Read moreProcess Argument Spoofing
Process Argument Spoofing is a technique used by attackers to hide their true intentions by changing the command line arguments of a process after it has started.
--windows-- This is done by tampering with the Process Environment Block (PEB).
The PEB is a structure in Windows that holds various information about a running process. Within the PEB, there's …
Read more