
A malware technique that makes use of NTFS transactions to create a process that is not backed by a malicious file


BlackHat-Ashura/Process_Doppelganging


Process_Doppelganging

Process Doppelganging is a process injection technique that uses an NTFS transaction to overwrite the contents of a file and create a section from it, after which the transaction is reverted. The section is then used to create a process that is not backed by any malicious binary.

Usage : "Process Doppelganging.exe" <Program to run>
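A defender-side sketch of the pattern described above, as an added example that is not part of this repository: it correlates file and process telemetry to flag a process created from a section whose backing file was modified inside a transaction that was then rolled back. The event schema, field names and sample events are constructed assumptions, not a real EDR or ETW format.

```python
from dataclasses import dataclass

# Constructed telemetry in a hypothetical schema (assumption, not a real log format).
EVENTS = [
    {"ts": 1, "pid": 4120, "op": "txn_create", "txn": "T1"},
    {"ts": 2, "pid": 4120, "op": "file_write", "txn": "T1", "path": r"C:\Temp\notes.exe"},
    {"ts": 3, "pid": 4120, "op": "section_create", "txn": "T1",
     "path": r"C:\Temp\notes.exe", "section": "S1"},
    {"ts": 4, "pid": 4120, "op": "txn_rollback", "txn": "T1"},
    {"ts": 5, "pid": 4120, "op": "process_create", "section": "S1", "child": 5300},
    # Benign: transacted write is committed, section is mapped outside any transaction.
    {"ts": 6, "pid": 880, "op": "file_write", "txn": "T2", "path": r"C:\App\update.exe"},
    {"ts": 7, "pid": 880, "op": "txn_commit", "txn": "T2"},
    {"ts": 8, "pid": 880, "op": "section_create", "txn": None,
     "path": r"C:\App\update.exe", "section": "S2"},
    {"ts": 9, "pid": 880, "op": "process_create", "section": "S2", "child": 5400},
    # Benign: a rollback with no section or process involved.
    {"ts": 10, "pid": 990, "op": "file_write", "txn": "T3", "path": r"C:\Data\db.tmp"},
    {"ts": 11, "pid": 990, "op": "txn_rollback", "txn": "T3"},
]

@dataclass(frozen=True)
class Finding:
    parent: int
    child: int
    path: str
    txn: str

def find_doppelganging(events):
    written = set()      # (txn, path) pairs modified inside a transaction
    rolled_back = set()  # transactions that were reverted
    sections = {}        # section id -> (txn, path) it was created from
    spawned = []         # (parent pid, child pid, section id)
    for e in sorted(events, key=lambda e: e["ts"]):
        op = e["op"]
        if op == "file_write" and e.get("txn"):
            written.add((e["txn"], e["path"]))
        elif op == "section_create" and e.get("txn"):
            sections[e["section"]] = (e["txn"], e["path"])
        elif op == "txn_rollback":
            rolled_back.add(e["txn"])
        elif op == "process_create":
            spawned.append((e["pid"], e["child"], e["section"]))
    # Evaluate after the pass so a rollback that is logged late still matches.
    findings = []
    for parent, child, sec in spawned:
        txn, path = sections.get(sec, (None, None))
        if txn in rolled_back and (txn, path) in written:
            findings.append(Finding(parent, child, path, txn))
    return findings
```

The rule keys on the combination of all three conditions, so an ordinary rolled-back transaction or a committed transacted update does not produce a finding.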
