Process Hollowing Detection: Your RAM is your treasure!

DEV Community·M.M·25 days ago

INTRODUCTION

Today, we are going to dive into Process Hollowing, a cyber attack technique used by hackers to introduce and run malware on a victim machine. In this article, you'll learn how it works, how to detect it on your system, and walk through a practical exercise carried out to detect Process Hollowing. Before beginning the article, a huge thank you to HSC Consult for the mentorship efforts on this journey.

HOW DOES PROCESS HOLLOWING WORK?

On a very high level, this is just a bad, untrusted process pretending to be a trusted process in order to avoid detection systems. As a user, you could be seeing a notepad process running. Normal, right? Wrong! Someone made it look like a notepad process, but it really is malware running on your system. Process Hollowing starts up a new program that is known and trusted, and right before the program executes, the attacker finds where the program code sits in memory, writes over the code with new code, and then executes the process.…
