ProcessGhosting

This is a C# implementation of the original Process Ghosting written in C Original POC.

For easier understanding, the target file name and path have been hardcoded.

Usage

Open the project solution in Visual Studio
Change the path of the target binary that you want to run in the following lines

string filename = @"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"; //Change this

Compile the code in Visual Studio as Release and in x64 architecture

Run the ProcessGhosting.exe program to launch a target binary of your choice

./ProcessGhosting.exe

For More details about this technique refer to my Blog

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
.vs/ProcessGhosting/v16		.vs/ProcessGhosting/v16
Properties		Properties
bin/x64/Release		bin/x64/Release
obj		obj
App.config		App.config
HelperFunctions.cs		HelperFunctions.cs
ProcessGhosting.csproj		ProcessGhosting.csproj
ProcessGhosting.sln		ProcessGhosting.sln
Program.cs		Program.cs
README.md		README.md
UserDefinedTypes.cs		UserDefinedTypes.cs
running_powershell.png		running_powershell.png
vs_settings.png		vs_settings.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.vs/ProcessGhosting/v16

.vs/ProcessGhosting/v16

Properties

Properties

bin/x64/Release

bin/x64/Release

obj

obj

App.config

App.config

HelperFunctions.cs

HelperFunctions.cs

ProcessGhosting.csproj

ProcessGhosting.csproj

ProcessGhosting.sln

ProcessGhosting.sln

Program.cs

Program.cs

README.md

README.md

UserDefinedTypes.cs

UserDefinedTypes.cs

running_powershell.png

running_powershell.png

vs_settings.png

vs_settings.png

Repository files navigation

ProcessGhosting

Usage

About

Releases

Packages

Languages

dosxuz/ProcessGhosting

Folders and files

Latest commit

History

Repository files navigation

ProcessGhosting

Usage

About

Resources

Stars

Watchers

Forks

Languages