Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
In reading FireEye's recent blog on "Smoking out a DARKSIDE affiliate's supply chain software compromise" I followed the thread to one of the noted frameworks, ScareCrow. See GitHub: optiv/ScareCrow.
In reviewing process hollowing and herpaderping, it appears that this attack vector (according to their claims) would go undetected. I haven't tested this in the lab, but am curious as to how SYSMON can be used to detect the actions.
Looking forward to the insights the community can bring to the forefront on this.
CuriousHunter
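As an added example (not part of the original post, and not code from the ScareCrow project), here is a PowerShell snippet that turns on Sysmon's ProcessTampering event (Event ID 25, introduced in Sysmon v13) and summarises what it logs; the Sysmon binary path and config file path are assumptions.

```powershell
# Added example: enable Sysmon Event ID 25 (ProcessTampering) and review it.
# Sysmon 13+ raises Event ID 25 when a process's image is replaced after
# creation ("Image is replaced", the hollowing pattern) or when the image file
# is locked for access while the process is created ("Image is locked for
# access", the herpaderping pattern).
# Assumed paths: C:\Tools\Sysmon64.exe and C:\Tools\sysmon-tampering.xml.

$sysmonExe  = 'C:\Tools\Sysmon64.exe'
$configPath = 'C:\Tools\sysmon-tampering.xml'

# Minimal config: an "exclude" rule with no conditions logs every
# ProcessTampering event. Merge this RuleGroup into a full config for production.
$config = @'
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="ProcessTampering" groupRelation="or">
      <ProcessTampering onmatch="exclude" />
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path $configPath -Value $config -Encoding ASCII

# Apply the configuration (Sysmon must already be installed; run elevated).
& $sysmonExe -accepteula -c $configPath

# Pull Event ID 25 records and project the fields a responder cares about.
function Get-SysmonProcessTampering {
    param([int]$MaxEvents = 50)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 25 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                UtcTime   = $data['UtcTime']
                ProcessId = $data['ProcessId']
                Image     = $data['Image']
                Type      = $data['Type']   # "Image is replaced" / "Image is locked for access"
                User      = $data['User']
            }
        }
}

Get-SysmonProcessTampering | Format-Table -AutoSize
```

Event ID 25 only exists in Sysmon v13 and later, and some legitimate installers and security products also trigger it, so baseline the Image and User fields before alerting on every hit.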