Based on the excellent article published by Gabriel Landau (Process Ghosting, a New Executable Image Tampering Attack), I have developed a tool for Process Ghosting; this should be of help for the detection of such behavior by malware or other threats.
I've shared it with the team and got great feedback. Thanks for taking the time to contribute and share your work -- love being a part of the security community!