Microsoft Sysmon: Detects malware attempts



One of the techniques used by attackers is to inject malicious code into a legitimate Windows process in order to avoid detection. This tactic allows the malware to run while Task Manager shows it as a standard Windows process running in the background.

The technique, known as process hollowing, starts a legitimate process in a suspended state and then replaces its legitimate code with malicious code. The process then executes that malicious code with whatever rights were assigned to the original process.
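As an added example, not code from the original article: a small triage script that parses Sysmon events rendered as XML and flags the two signals that match the hollowing sequence just described, a Process Tampering event (Event ID 25, "Image is replaced", available since Sysmon 13) and a Process Access event (Event ID 10) whose granted access mask includes the rights needed to write into and resume a suspended process. The sample events are constructed for the demonstration; the field names and mask bits are the real Sysmon and Windows values.

```python
import xml.etree.ElementTree as ET

# Sysmon event IDs and Windows process-access mask bits (real values).
EID_PROCESS_ACCESS = 10        # a source process opened a handle to a target
EID_PROCESS_TAMPERING = 25     # Sysmon 13+: hollowing / herpaderping indicator
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
# Unmapping the image, writing a new one and resuming the thread needs all three.
HOLLOWING_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME
NS = "http://schemas.microsoft.com/win/2004/08/events/event"

def parse_sysmon_event(xml_text):
    """Return (event_id, {field: value}) from one Sysmon event rendered as XML."""
    event_id, data = None, {}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.split("}")[-1]            # strip the namespace prefix
        if tag == "EventID":
            event_id = int(el.text)
        elif tag == "Data" and el.get("Name"):
            data[el.get("Name")] = el.text or ""
    return event_id, data

def assess(event_id, data):
    """Return a finding for an event consistent with process hollowing, else None."""
    if event_id == EID_PROCESS_TAMPERING and data.get("Type") == "Image is replaced":
        return f"EID25 image replaced: {data['Image']} (PID {data['ProcessId']})"
    if event_id == EID_PROCESS_ACCESS:
        granted = int(data.get("GrantedAccess", "0x0"), 16)   # logged as hex text
        if granted & HOLLOWING_MASK == HOLLOWING_MASK:
            return f"EID10 write+suspend access: {data['SourceImage']} -> {data['TargetImage']} (0x{granted:X})"
    return None

def scan(events):
    """Run assess() over a list of XML events and collect the findings."""
    findings = [assess(*parse_sysmon_event(e)) for e in events]
    return [f for f in findings if f]

def _event(eid, **fields):
    """Build a minimal Sysmon-shaped XML event (constructed test data)."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS}"><System><EventID>{eid}</EventID></System>'
            f"<EventData>{body}</EventData></Event>")

SAMPLE_EVENTS = [  # constructed, not captured from a real host
    _event(25, Image=r"C:\Windows\System32\svchost.exe", ProcessId="4120", Type="Image is replaced"),
    _event(10, SourceImage=r"C:\Users\u\AppData\Local\Temp\loader.exe",
           TargetImage=r"C:\Windows\System32\svchost.exe", GrantedAccess="0x1FFFFF"),
    _event(10, SourceImage=r"C:\Windows\System32\taskmgr.exe",
           TargetImage=r"C:\Windows\System32\svchost.exe", GrantedAccess="0x1000"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The third sample (Task Manager querying a process with 0x1000, PROCESS_QUERY_LIMITED_INFORMATION) is deliberately benign and produces no finding; the access-mask check alone will still surface legitimate debuggers and security tools, so Event ID 25 is the stronger indicator where Sysmon 13 or later is deployed.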

