Decrypt LOL

Process Hollowing Challenges on Windows 11 24H2


🪄 Process Hollowing Faces Challenges on Windows 11 24H2. Process Hollowing (also known as RunPE), a popular process impersonation technique that lets malicious executables run under benign processes, runs into problems on the latest Windows 11 release. Users have reported that loading a payload fails with error 0xC0000141, caused by changes in the Windows loader that affect how memory is allocated for implanted payloads. Alternative techniques such as Process Doppelganging and Process Ghosting can circumvent the issue because they map the payload as MEM_IMAGE, but they are less convenient than RunPE. Additionally, a patch for NTDLL can allow the original RunPE to function without interruption. The source article details these findings and offers solutions for users facing similar challenges.
