Skip to content
/ Process_Ghosting Public

Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by a file. This is an evasion technique.

License

MIT license
14 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BlackHat-Ashura/Process_Ghosting

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Process Ghosting
Process Ghosting
 
 
LICENSE
LICENSE
 
 
Process Ghosting.sln
Process Ghosting.sln
 
 
README.md
README.md
 
 

Repository files navigation

Process_Ghosting

Process Ghosting is a process injection technique in which an attacker creates a temp file, mark it for deletion (delete-pending state), copies/maps a malware into the memory (image section), close the handle (which deletes it from the disk), then create a process from the now-fileless section.

Usage : "Process Ghosting.exe" <Program to run>

About

Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by a file. This is an evasion technique.

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages