CYBER MONGOL

1/15/2021

Process Hollowing

On average, AV/EDR does a good job of catching this type of injection. In this video, we first hollowed with OpenThread, SuspendThread, VirtualAllocEx, WriteProcessMemory, and ResumeThread, which was swiftly dealt with by Defender for Endpoint. However, our automation distilled another prevalent API signature for hollowing that was used later in the video and ran undetected. Our automation creates these signatures by looking over millions of lines of malicious code and graphing relationships between files, functions, processes, libraries, and social contexts. A detailed look at these process hollowing techniques, and at the signature we distilled to find advanced Cobalt Strike tradecraft, will be published in our first-ever Cyber Mongol CTI report. Get a hold of us to find out more.
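The detection side of the first sequence named above can be sketched in a few lines. The following is an added example, not Cyber Mongol's automation or anything from the video: a toy detector that parses constructed API-trace lines (a hypothetical `src_pid target_pid api` format) and flags a source process whose calls against one remote target contain, in order, OpenThread, SuspendThread, VirtualAllocEx, WriteProcessMemory, ResumeThread. Same-process calls such as a local VirtualAlloc are ignored so they do not break the chain. The caveat is the one the post itself makes: a detector keyed to this exact chain misses variants that reach the same result through a different API sequence, so the value of the approach lies in deriving and maintaining many such chains, not in this one.

```python
from collections import defaultdict

# Ordered Win32 API chain named in the post as the hollowing sequence that
# Defender for Endpoint caught. The detector looks for it, in order, among one
# source process's calls against one target process.
HOLLOW_CHAIN = ("OpenThread", "SuspendThread", "VirtualAllocEx",
                "WriteProcessMemory", "ResumeThread")

# Constructed sample trace (hypothetical format: "<src_pid> <target_pid> <api>").
# pid 4120 performs the full chain against pid 5012, with a local allocation
# interleaved; 7788 only touches itself; 9001 opens and resumes a thread but
# never writes to the remote process.
SAMPLE_TRACE = """\
4120 5012 OpenThread
4120 5012 SuspendThread
4120 4120 VirtualAlloc
4120 5012 VirtualAllocEx
4120 5012 WriteProcessMemory
4120 5012 ResumeThread
7788 7788 VirtualAlloc
7788 7788 WriteFile
9001 9100 OpenThread
9001 9100 ResumeThread
"""


def parse_trace(text):
    """Parse trace lines into (src_pid, target_pid, api) tuples.

    Blank lines, '#' comments and malformed lines are skipped so that one bad
    record does not take the detector down.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            continue
        src, dst, api = parts
        events.append((int(src), int(dst), api))
    return events


def contains_ordered(calls, chain):
    """True if `chain` occurs as an ordered (not necessarily contiguous) subsequence of `calls`."""
    idx = 0
    for api in calls:
        if api == chain[idx]:
            idx += 1
            if idx == len(chain):
                return True
    return False


def detect_hollowing(events, chain=HOLLOW_CHAIN):
    """Return sorted (src_pid, target_pid) pairs whose cross-process call order matches `chain`.

    Calls where src == target are dropped: the chain is about operating on a
    remote process, and a local VirtualAlloc between the remote calls is noise.
    """
    per_pair = defaultdict(list)
    for src, dst, api in events:
        if src != dst:
            per_pair[(src, dst)].append(api)
    return sorted(pair for pair, calls in per_pair.items()
                  if contains_ordered(calls, chain))


if __name__ == "__main__":
    for src, dst in detect_hollowing(parse_trace(SAMPLE_TRACE)):
        print(f"possible process hollowing: pid {src} -> pid {dst}")
```

Running the block reports only the 4120 -> 5012 pair; the partial chain from 9001 is not flagged, which is the trade-off any ordered-sequence rule makes between noise and recall.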
