Monday, June 27, 2022

Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations

Note: Another researcher recently tweeted about the technique discussed in this blog post, this is addressed in the last section of the blog (warning, spoilers!).

To access information about a running process, developers generally have to open a handle to the process through the OpenProcess API, specifying a combination of 13 different process access rights:

- PROCESS_ALL_ACCESS – All possible access rights for a process.
- PROCESS_CREATE_PROCESS – Required to create a process.
- PROCESS_CREATE_THREA…
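As an added example (not from the original post), the decoder below turns the numeric GrantedAccess mask that Sysmon Event ID 10 (ProcessAccess) records for an OpenProcess call back into the named rights above, so a defender can see whether a handle carries rights such as PROCESS_VM_READ or PROCESS_CREATE_PROCESS rather than a bare hex value. The flag values are the documented Win32 PROCESS_* constants; the log lines and image paths are constructed.

```python
# Added example: decode a Sysmon ProcessAccess GrantedAccess mask into Win32
# process access right names. Sample log lines below are constructed.
import re

PROCESS_RIGHTS = {                    # documented PROCESS_* flag values
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x100000: "SYNCHRONIZE",
}
PROCESS_ALL_ACCESS = 0x1FFFFF  # STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF (Vista+)
# Rights that let the holder read/alter the target's memory or create a process from it.
MEMORY_RIGHTS = {0x0008, 0x0010, 0x0020, 0x0040, 0x0080}

def decode_access(mask):
    """Names of the rights set in an access mask, lowest bit first."""
    if mask & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
        return ["PROCESS_ALL_ACCESS"]
    names = []
    for bit in sorted(PROCESS_RIGHTS):
        if mask & bit:
            names.append(PROCESS_RIGHTS[bit])
            mask &= ~bit
    if mask:  # standard rights (DELETE, READ_CONTROL, ...) or unknown bits
        names.append("OTHER_0x%X" % mask)
    return names

def touches_memory(mask):
    """True when the granted rights reach the target's memory (worth a closer look)."""
    return mask & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS or any(mask & b for b in MEMORY_RIGHTS)

def triage(lines):
    """Parse Sysmon-style ProcessAccess lines into (target, mask, names, review_flag)."""
    out = []
    for line in lines:
        m = re.search(r"TargetImage: (\S+).*GrantedAccess: 0x([0-9A-Fa-f]+)", line)
        if m:
            mask = int(m.group(2), 16)
            out.append((m.group(1), mask, decode_access(mask), touches_memory(mask)))
    return out

SAMPLE_LOG = [  # constructed, not real telemetry
    "ProcessAccess SourceImage: C:\\tool.exe TargetImage: C:\\svc\\service.exe GrantedAccess: 0x1010",
    "ProcessAccess SourceImage: C:\\tool.exe TargetImage: C:\\svc\\service.exe GrantedAccess: 0x1FFFFF",
    "ProcessAccess SourceImage: C:\\mon.exe TargetImage: C:\\app.exe GrantedAccess: 0x1000",
]
```

Running `triage(SAMPLE_LOG)` flags the first two handles (0x1010 = VM_READ plus QUERY_LIMITED_INFORMATION, 0x1FFFFF = ALL_ACCESS) and leaves the query-only handle alone.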

