process_ghosting
process_ghosting copied to clipboard
hasherezade
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Hi, I think this technique is being blocked by windows defender, even when it's disabled, and I'm not sure how. CreateRemoteThreadEx fails with 0xc0000022. I've confirmed it was working on...
Hi, Reflective loaders like Cobalt Strike's beacon or Metasploit's meterpreter don't callback home. Beacon seems alive but not calling back home.  Also nothing on wireshark. Do you have an...
I created a reverse shell with msfvenom, precisely an exe file, but it won't fire: 'E:\process_ghosting-master\Debug>proc_ghost.exe msf_rev_https.exe [+] Created temp file: C:\Users\fancy\AppData\Local\Temp\THCFE8.tmp [+] Information set [+] Written! PEB address: 2d7000...
I have successfully made a build and used it to launch 64-Bit Payloads on x64. Is there any way to launch 32-Bit equivalents of these as well, using the 64-Bit...
when i try to build the solution i get this any help please Severity Code Description Project File Line Suppression State Error LNK2019 unresolved external symbol "bool __cdecl buffer_remote_peb(void *,struct...
Hi im trying to use this "injector" but it creates a .tmp and that makes it really detectable im not sure if it is posible to make it so it...
Hi, Is there any chance so that i can change the svchost.exe process creation so i can decide what name to use. And if you can tell me on what...
Metadata
Owner
Metadata
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file