TangledWinExec: C# PoCs for investigation of Windows process execution techniques

Tangled WinExec

This repository is for investigation of Windows process execution techniques. Most of the PoCs are named after the technique they demonstrate.

Projects

CommandLineSpoofing : This PoC performs Command Line Spoofing.

PPIDSpoofing : This PoC performs PPID Spoofing.

ProcessDoppelgaenging : This PoC performs Process Doppelgänging. Due to kernel protection improvements, this technique does not work on recent Windows versions (> Windows 10 Version 1809, as far as I tested). See the issue fo…
