https://blog.lentic.de/tags/doppelg%C3%A4nging/ Recent content in Doppelgänging on fahersto's blog Hugo -- gohugo.io en <a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0</a> Sun, 03 Dec 2023 00:00:00 +0000 https://blog.lentic.de/posts/process_doppelganging/ Sun, 03 Dec 2023 00:00:00 +0000 https://blog.lentic.de/posts/process_doppelganging/ What is Process Doppelgänging? Process Doppelgänging is a code injection technique which allows to load and execute arbitrary code in the context of a benign process without calling Windows API functions commonly invoked to achieve code injection. The technique was published by Tal Liberman and Eugene Kogan at Black Hat Europe 2017. The concept is to abuse NTFS transactions to create a process from a malicious section that is seemingly backed by a benign file.