3. Invisible is Best (Operating in Memory)

In this chapter, we will look at several techniques for avoiding common forensic artifacts and thus sidestepping a large portion of traditional post-compromise forensic analysis. This will be the first of several reaction correspondences we examine, focusing on process injection techniques, the forensic artifacts that in-memory techniques avoid, and some detection strategies for process injection. This chapter will show why these strategies developed naturally out of the attacker-defender conflict over the last few decades. There are certainly many great writeups of these individual techniques on the internet, but few look at why attackers use these various process injection techniques, instead of just ...

Get Adversarial Tradecraft in Cybersecurity now with the O’Reilly learning platform.