Articles by Gabriel Landau

Several common process tampering attacks exploit the gap between process creation and when security products are notified. Elastic Security detects a variety of such techniques, including Doppelgänging, Herpaderping, and a new technique: Ghosting..

This blog is the first in a two-part series discussing a userland Windows exploit that enables attackers to perform highly privileged actions that typically require a kernel driver...