Parent PID Spoofer & injector

​Parent PID Spoofer / injector: Inject into ApplicationFrameHost.exe UNDETECTED by MDE Automation but offensive behavior articulated in MDE device timeline. REALITY: A human defender regularly checking MDE device timeline would be all over this tradecraft. Regardless, as usual, I learned a lot by playing with the tradecraft for myself.  

 

Parent PID Spoofing in C# (Used in video):

​https://github.com/mvelazc0/defcon27_csharp_workshop/blob/master/Labs/lab8/1.cs 
 

 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam