Search Evasion Techniques
Process Ghosting is a technique used to bypass detection by manipulating the executable image when a process is loaded.
Windows attempts to prevent mapped executables from being modified. Once a file is mapped into an image section, attempts to open it with FILE_WRITE_DATA (to modify it) will fail with ERROR_SHARING_VIOLATION. Deletion attempts via FILE_FLAG_DELETE_ON_CLOSE fail with