11/28/2021

Parent PID Spoofer & injector

Parent PID Spoofer / injector: Inject into ApplicationFrameHost.exe UNDETECTED by MDE automation, but the offensive behavior is articulated in the MDE device timeline. REALITY: a human defender regularly checking the MDE device timeline would be all over this tradecraft. Regardless, as usual, I learned a lot by playing with the tradecraft for myself.
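Added example (my own detection sketch, not code from the post or from the linked lab): the timeline review described above can be automated by comparing, for each process-start event, the PID of the process that actually called CreateProcess (the ETW event header's ProcessId) with the ParentProcessID recorded in the event payload, which is the field a spoofed parent lands in. All PIDs, image names and events below are constructed sample data; the benign-creator list is an assumption to be tuned per environment.

```python
# Added example: flagging parent PID spoofing in process-creation telemetry.
# Basis: the ETW Microsoft-Windows-Kernel-Process ProcessStart event is emitted
# in the context of the thread that called CreateProcess, so the event header's
# ProcessId is the real creator, while the ParentProcessID payload field holds
# the parent the kernel recorded (the one PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
# can override). The two disagree only when the parent was reassigned.
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcessStart:
    header_pid: int    # PID from the ETW event header (real caller)
    pid: int           # PID of the newly created process
    image: str         # image name of the new process
    parent_pid: int    # ParentProcessID payload field (possibly spoofed)

# Assumed allowlist of creators that legitimately start processes on another
# process's behalf, e.g. the AppInfo service (svchost.exe) launching
# UAC-elevated processes with the requesting process recorded as parent.
BENIGN_CREATORS = {"svchost.exe"}

def find_ppid_spoofing(events, image_of):
    """Return one finding per event whose real creator differs from the
    recorded parent. image_of maps PID -> image name (from earlier events)."""
    findings = []
    for e in events:
        if e.header_pid == e.parent_pid:
            continue
        creator = image_of.get(e.header_pid, "<unknown>")
        if creator.lower() in BENIGN_CREATORS:
            continue
        findings.append({
            "child": f"{e.image}({e.pid})",
            "claimed_parent": f"{image_of.get(e.parent_pid, '<unknown>')}({e.parent_pid})",
            "real_creator": f"{creator}({e.header_pid})",
        })
    return findings

# Constructed sample telemetry (not a real capture). PID 5000 creates a child
# but records ApplicationFrameHost.exe (PID 6000) as its parent.
SAMPLE_IMAGES = {4000: "explorer.exe", 5000: "ppidspoof.exe",
                 6000: "ApplicationFrameHost.exe", 7000: "svchost.exe"}
SAMPLE_EVENTS = [
    ProcessStart(4000, 4101, "cmd.exe", 4000),        # normal launch
    ProcessStart(5000, 5101, "notepad.exe", 6000),    # spoofed parent
    ProcessStart(7000, 7101, "mmc.exe", 4000),        # UAC elevation, benign
]

if __name__ == "__main__":
    for finding in find_ppid_spoofing(SAMPLE_EVENTS, SAMPLE_IMAGES):
        print(finding)
```

Only the spoofed launch is reported; the ordinary launch and the UAC elevation case are suppressed, which is the kind of tuning a human reviewing the timeline does by eye.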
Parent PID Spoofing in C# (Used in video): https://github.com/mvelazc0/defcon27_csharp_workshop/blob/master/Labs/lab8/1.cs