This is my "lil_calc" PoC presented in the video:
Test with ProcessExplorer vs TaskManager
It is not FUD, but it can fool some tools and it can be used as a test case.
The process overwrites its own PEB to create the illusion that it has been loaded from a different path.
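A defender-side check for the mismatch this PoC creates, as an added example that is not part of the original repository: it compares the image path a process reports in its PEB (`ProcessParameters.ImagePathName`, writable from user mode) with the path the kernel recorded for the image (for example, obtained with `QueryFullProcessImageNameW` and `PROCESS_NAME_NATIVE`). The record field names, the device map and all sample paths are constructed for illustration.

```python
import ntpath

# Constructed volume map: NT device prefix -> drive letter (on a real host it
# can be built by calling QueryDosDeviceW for each drive letter).
DEVICE_MAP = {r"\Device\HarddiskVolume3": "C:", r"\Device\HarddiskVolume5": "D:"}


def nt_to_dos(nt_path, device_map=DEVICE_MAP):
    """Translate \\Device\\HarddiskVolumeN\\... to a drive-letter path, or None."""
    lowered = nt_path.lower()
    for dev, drive in device_map.items():
        # The trailing backslash keeps HarddiskVolume1 from matching HarddiskVolume10.
        if lowered.startswith(dev.lower() + "\\"):
            return drive + nt_path[len(dev):]
    return None


def canon(dos_path):
    """Strip \\??\\ or \\\\?\\ prefixes, collapse '..', fold case and slashes."""
    for prefix in ("\\??\\", "\\\\?\\"):
        if dos_path.startswith(prefix):
            dos_path = dos_path[len(prefix):]
    return ntpath.normcase(ntpath.normpath(dos_path))


def find_path_mismatches(snapshots, device_map=DEVICE_MAP):
    """Return (pid, peb_path, kernel_dos_path) for every disagreeing process."""
    findings = []
    for s in snapshots:
        kernel_dos = nt_to_dos(s["kernel_image"], device_map)
        # An unmapped device is reported too: the PEB claim cannot be verified.
        if kernel_dos is None or canon(s["peb_image"]) != canon(kernel_dos):
            findings.append((s["pid"], s["peb_image"], kernel_dos))
    return findings


# Constructed sample records (hypothetical field names and paths).
SNAPSHOTS = [
    {"pid": 4120, "peb_image": r"C:\Windows\System32\notepad.exe",
     "kernel_image": r"\Device\HarddiskVolume3\Windows\System32\notepad.exe"},
    {"pid": 5312, "peb_image": r"C:\Windows\System32\calc.exe",
     "kernel_image": r"\Device\HarddiskVolume3\Users\test\Desktop\lil_calc.exe"},
    {"pid": 6001, "peb_image": r"\??\c:\WINDOWS\system32\..\System32\cmd.exe",
     "kernel_image": r"\Device\HarddiskVolume3\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for pid, claimed, actual in find_path_mismatches(SNAPSHOTS):
        print(f"pid {pid}: PEB says {claimed!r}, kernel says {actual!r}")
```

Only the second record is flagged; the third differs from the kernel path in prefix, case and a `..` segment but resolves to the same file, so it is not reported.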
fengjixuchui / process_chameleon
This project is forked from hasherezade/process_chameleon
A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
Home Page: https://www.youtube.com/watch?v=S3iCZ3BKkLk