This repository was archived by the owner on Mar 30, 2026. It is now read-only.

Adding argv[0] spoofing entry #77

Open
wietze wants to merge 1 commit into Unprotect-Project:main from wietze:new/argv0-spoofing

@wietze wietze commented Sep 7, 2024

Thank you

@DarkCoderSc
Member

What do you think about this: https://unprotect.it/technique/process-argument-spoofing/ ?

The process argument spoofing evasion technique was already documented, so I merged the existing content (which focuses on Windows) with your contribution, which emphasizes Linux.

Please let me know if you're okay with this. Note that the details about Linux techniques can be expanded by clicking on the Linux section accordion.

When you agree, I will publish and accept your pull request.

@fr0gger
Collaborator

fr0gger commented Jan 9, 2025

I think we can close and merge this PR @DarkCoderSc @wietze :)

@wietze
Author

wietze commented Jan 10, 2025

Thank you @DarkCoderSc for your review.

> Process Argument Spoofing is a technique used by attackers to hide their true intentions by changing the command line arguments of a process after it has started.

This is not true for the technique I documented in this PR, as it is done before the process is started.

That said, I'm easy - happy either way. If you think this is best, please feel free to go ahead.

Many thanks!
