• Home
  • Search
  • Map
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
  • Downloads
  • About
  • API

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

I'm Feeling Lucky

Search Result

1 item(s) found so far for this keyword.

Process Ghosting Process Manipulating

Process Ghosting is a technique used to bypass detection by manipulating the executable image when a process is loaded.

Windows attempts to prevent mapped executables from being modified. Once a file is mapped into an image section, attempts to open it with FILE_WRITE_DATA (to modify it) will fail with ERROR_SHARING_VIOLATION. Deletion attempts via FILE_DELETE_ON_CLOSE/FILE_FLAG_DELETE_ON_CLOSE fail with ERROR_SHARING_VIOLATION …

Made with in 🇫🇷 © 2023. The #UnprotectProject

Terms And Conditions

Contribute