Thursday, January 20, 2022

Picky PPID Spoofing

Parent Process ID (PPID) spoofing is one of the techniques malware authors use to blend into the target system. The malicious process is made to look as though it was spawned by a different process, which helps it evade detections based on anomalous parent-child process relationships.

When I started learning and implementing this technique, the first question that popped into my mind was what parent-child process relationship I should spoof.

Using Process Hacker, I noticed several…
