(GREM) Giac Reverse Engineering Malware Practice Test
GREM Memory Forensics & Runtime Analysis 3
What distinguishes 'Process DoppelgÀnging' from process hollowing as a defense evasion technique?
Select your answer
A
Process DoppelgÀnging uses NTFS transactions to load malicious code so the file appears as a legitimate clean file to security tools
B
Process DoppelgÀnging unmaps the target process image before writing shellcode
C
Process DoppelgÀnging patches the SSDT to redirect system calls
D
Process DoppelgÀnging injects code via Windows Atom tables
Hint
âš Remove Ads & Unlock Every Exam
â From $1.49
đ Study This Quiz as Flashcards â