Sophos interview question

Q: Describe process injection and how to detect it.

Interview Answer

Anonymous

17 July 2024

A: You will generally be calling OpenProcess, allocating virtual memory, writing a payload to that memory, then creating threads to execute that payload. There are several methods, and generally you watch those system calls to detect them.
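The detection idea in the answer, as an added example that is not part of the original answer: correlate the four calls per source/target process pair inside a time window and alert only when the whole chain completes. The event tuple layout, the 30-second window and the sample telemetry are constructed assumptions, and `VirtualAllocEx`, `WriteProcessMemory` and `CreateRemoteThread` are assumed here as the Win32 calls behind the allocate, write and thread steps the answer describes.

```python
# Stages of the chain described in the answer, in order. Only OpenProcess is
# named there; the other three API names are assumptions for this example.
STAGES = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
WINDOW_SECONDS = 30  # assumed correlation window, tune per environment


def detect_injection(events, window=WINDOW_SECONDS):
    """Return (source_pid, target_pid, first_ts, last_ts) per completed chain."""
    progress = {}  # (source_pid, target_pid) -> [next stage index, chain start ts]
    alerts = []
    for ts, src, api, dst in sorted(events, key=lambda e: e[0]):
        if src == dst or api not in STAGES:
            continue  # only cross-process calls are of interest
        state = progress.setdefault((src, dst), [0, None])
        # Drop a partial chain that began more than `window` seconds ago.
        if state[1] is not None and ts - state[1] > window:
            state[0], state[1] = 0, None
        if api == STAGES[state[0]]:
            if state[0] == 0:
                state[1] = ts
            state[0] += 1
        elif api == STAGES[0]:
            state[0], state[1] = 1, ts  # a fresh handle restarts the chain
        # Repeated or out-of-order calls (e.g. several writes) leave state as is.
        if state[0] == len(STAGES):
            alerts.append((src, dst, state[1], ts))
            state[0], state[1] = 0, None
    return alerts


# Constructed telemetry: (timestamp, calling pid, api, target pid)
SAMPLE_EVENTS = [
    (100.0, 4321, "OpenProcess", 880),         # full chain, two writes
    (100.2, 4321, "VirtualAllocEx", 880),
    (100.3, 4321, "WriteProcessMemory", 880),
    (100.4, 4321, "WriteProcessMemory", 880),
    (100.9, 4321, "CreateRemoteThread", 880),
    (101.0, 2000, "OpenProcess", 3000),        # incomplete: no alloc, no thread
    (101.5, 2000, "WriteProcessMemory", 3000),
    (102.0, 5000, "VirtualAllocEx", 5000),     # self-targeted, ignored
    (200.0, 6000, "OpenProcess", 7000),        # chain spread past the window
    (201.0, 6000, "VirtualAllocEx", 7000),
    (202.0, 6000, "WriteProcessMemory", 7000),
    (300.0, 6000, "CreateRemoteThread", 7000),
]

if __name__ == "__main__":
    for src, dst, first, last in detect_injection(SAMPLE_EVENTS):
        print(f"pid {src} -> pid {dst}: full chain in {last - first:.1f}s")
```

Requiring the ordered chain rather than any single call keeps processes that only open or write to another process, such as the incomplete pair in the sample, from alerting; the window trades that precision against chains that are deliberately spread out in time.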