Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Doppelgänging: How to circumvent security products to execute code on Windows

Cipher-herocredcnet

Researchers have disclosed an attack which exploits processes in the Windows operating system to circumvent all traditional security software and perform code execution attacks.

At Black Hat Europe on Thursday, security professionals Eugene Kogan and Tal Liberman from endpoint security firm enSilo revealed research into how cybersecurity products on the market can be circumvented by exploiting how they scan for malware and interact with memory processes.

In a presentation titled, "Lost in transaction: Process Doppelgänging," the team described a play on process hollowing to circumvent security software.

Process hollowing is the creation of a process for the sole purpose of running a malicious executable inside.

Attackers who favor this method load a process in a suspended state, replace elements of memory with crafted code and then resume the process -- tricking a system into believing the process is legitimate and safe to run.

Many security solutions today now take...(continued)

View All Trending Stories