Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Search Result

1 item(s) found so far for this keyword.

Parent PID Spoofing Process Manipulating

You can spoof the parent process identifier (PPID) of a new process to evade process-monitoring defenses. New processes are typically spawned directly from their parent, or calling, process unless explicitly specified. One way of explicitly assigning the PPID of a new process is via the CreateProcess API call, which supports a parameter that defines the PPID to use.

Read More