Hunting injected processes by the modules they keep
A relatively recent post showed how Metasploit’s Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our example.
One of the things we saw in that post was … Continue reading Hunting injected processes by the modules they keep