{"id":478526,"date":"2023-08-09T09:34:13","date_gmt":"2023-08-09T09:34:13","guid":{"rendered":""},"modified":"2023-09-05T11:16:57","modified_gmt":"2023-09-05T11:16:57","slug":"process-hollowing","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/kr\/wiki\/process-hollowing\/","title":{"rendered":"Process Hollowing"},"content":{"rendered":"<h2>A Brief Introduction to Process Hollowing<\/h2>\n<p>Process hollowing is a sophisticated technique in which cyber attackers inject malicious code into the address space of a legitimate process, allowing them to execute arbitrary code under the guise of a trusted application. This method is often used to evade detection and bypass security measures, making it a significant concern for both cybersecurity professionals and software developers.<\/p>\n<h2>The Historical Origin of Process Hollowing<\/h2>\n<p>The origins of process hollowing date back to the early 2000s, when malware authors sought innovative ways to conceal their malicious activities. 
The technique gained attention for its effectiveness at evading traditional antivirus detection methods. The first documented mention of process hollowing occurred in the context of the malware &quot;Hupigon&quot;, which used this method to subvert security measures.<\/p>\n<h2>Exploring the Mechanics of Process Hollowing<\/h2>\n<p>Process hollowing involves a multi-step process that requires an intricate understanding of operating system internals. At a high level, the technique follows these steps:<\/p>\n<ol>\n<li>A legitimate process is created, often with the intent of appearing benign.<\/li>\n<li>The code and memory of the legitimate process are replaced with the attacker's malicious code.<\/li>\n<li>The malicious code is executed within the legitimate process, effectively disguising its activities.<\/li>\n<\/ol>\n<h2>Unveiling the Key Features of Process Hollowing<\/h2>\n<p>Several features make process hollowing an attractive choice 
for cyber attackers:<\/p>\n<ul>\n<li><strong>Stealthiness<\/strong>: By operating within a legitimate process, attackers can evade detection mechanisms that focus on the creation of new processes.<\/li>\n<li><strong>Memory manipulation<\/strong>: The technique uses memory manipulation to execute arbitrary code, allowing attackers to avoid writing files to disk.<\/li>\n<li><strong>Privilege escalation<\/strong>: Process hollowing can be used together with privilege escalation exploits to gain higher levels of system access.<\/li>\n<\/ul>\n<h2>Classification of Process Hollowing<\/h2>\n<p>There are several variants of process hollowing, each with its own characteristics:<\/p>\n<ol>\n<li><strong>Classic process hollowing<\/strong>: Replaces the code of a legitimate process with malicious code.<\/li>\n<li><strong>Thread execution hijacking<\/strong>: Redirects the execution of a thread in a legitimate process to malicious code.<\/li>\n<li><strong>Memory replacement technique<\/strong>: 
Similar to classic process hollowing, but only specific sections of memory are altered instead of replacing the entire code.<\/li>\n<\/ol>\n<p><strong>Table: Types of Process Hollowing<\/strong><\/p>\n<table>\n<thead>\n<tr>\n<th>Technique<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Classic process hollowing<\/td>\n<td>Completely replaces the target process's code with malicious code.<\/td>\n<\/tr>\n<tr>\n<td>Thread execution hijacking<\/td>\n<td>Diverts the execution flow of a thread within a legitimate process to malicious code.<\/td>\n<\/tr>\n<tr>\n<td>Memory replacement<\/td>\n<td>Partially replaces specific memory sections of the target process with malicious code.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Applications, Challenges, and Solutions<\/h2>\n<p>The applications of process hollowing are varied and include:<\/p>\n<ul>\n<li><strong>Malware deployment<\/strong>: Attackers use process hollowing to deploy malicious code in a discreet manner.<\/li>\n<li><strong>Anti-analysis<\/strong>: Malicious actors use the technique to make analysis and reverse engineering more 
difficult.<\/li>\n<li><strong>Privilege escalation<\/strong>: Process hollowing can be used to escalate privileges and gain access to sensitive areas of a system.<\/li>\n<\/ul>\n<p>However, process hollowing presents the following challenges:<\/p>\n<ul>\n<li><strong>Detection<\/strong>: Traditional security solutions struggle to identify process hollowing because of its deceptive nature.<\/li>\n<li><strong>Legitimate use<\/strong>: Some legitimate software may use similar techniques for benign purposes, so differentiating between the two is important.<\/li>\n<\/ul>\n<p>Solutions for mitigating process hollowing include:<\/p>\n<ul>\n<li><strong>Behavioral analysis<\/strong>: Using tools that monitor system behavior for anomalies can help identify process hollowing.<\/li>\n<li><strong>Code signing<\/strong>: Implementing code signing practices can help prevent the execution of unsigned, malicious 
code.<\/li>\n<\/ul>\n<h2>Comparative Analysis and Key Characteristics<\/h2>\n<p><strong>Table: Process Hollowing vs. Code Injection<\/strong><\/p>\n<table>\n<thead>\n<tr>\n<th>Aspect<\/th>\n<th>Process Hollowing<\/th>\n<th>Code Injection<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Execution location<\/td>\n<td>Within the memory space of a legitimate process<\/td>\n<td>Injected directly into the target process<\/td>\n<\/tr>\n<tr>\n<td>Stealthiness<\/td>\n<td>Highly stealthy<\/td>\n<td>More easily detectable<\/td>\n<\/tr>\n<tr>\n<td>Persistence<\/td>\n<td>Generally less persistent<\/td>\n<td>Can result in more persistent infections<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future Outlook and Technology Trends<\/h2>\n<p>As technology advances, so do cyber attack methods, including process hollowing. 
Future developments may include:<\/p>\n<ul>\n<li><strong>Polymorphic techniques<\/strong>: Malware may use polymorphism to continually change its appearance, making it even harder to detect.<\/li>\n<li><strong>AI-driven attacks<\/strong>: Attackers may leverage AI to automate and optimize the process of selecting target processes and executing code.<\/li>\n<\/ul>\n<h2>Process Hollowing and Proxy Servers<\/h2>\n<p>Proxy servers, such as those provided by OneProxy, can play a role in the context of process hollowing:<\/p>\n<ul>\n<li><strong>Anonymity<\/strong>: Attackers can use proxy servers to mask their origin while engaging in process hollowing.<\/li>\n<li><strong>Traffic obfuscation<\/strong>: Proxy servers can obfuscate network traffic, making malicious activity harder to trace.<\/li>\n<\/ul>\n<h2>Related Links<\/h2>\n<p>For more information about process hollowing, explore the following 
resources:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2013\/08\/hammerd-crowd-distinguishing-between-malicious-thread-injection-and-memory-patching.html\" target=\"_new\" rel=\"noopener nofollow\">Understanding Process Hollowing<\/a><\/li>\n<li><a href=\"https:\/\/attack.mitre.org\/techniques\/T1055\/012\/\" target=\"_new\" rel=\"noopener nofollow\">Process Hollowing: A Stealthy Code Injection Technique<\/a><\/li>\n<\/ul>\n<p>Process hollowing remains a formidable challenge in the cybersecurity domain. Its ability to infiltrate systems undetected calls for constant vigilance and innovative defense mechanisms. As technology advances, so must the strategies used by both cyber attackers and defenders.<\/p>","protected":false},"featured_media":478527,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-478526","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Process Hollowing: Unveiling the Intricacies of a Stealthy Technique<\/mark>","faq_items":[{"question":"What is process hollowing?","answer":"<p>Process hollowing is a sophisticated technique used by cyber attackers to inject malicious code into the memory space of a legitimate process. 
This allows them to execute their code within the context of a trusted application, evading detection and security measures.<\/p>"},{"question":"How did process hollowing originate?","answer":"<p>Process hollowing dates back to the early 2000s, emerging as a way for malware authors to conceal their activities. The first mention of process hollowing was in connection with the malware \"Hupigon,\" which employed this technique to bypass security measures.<\/p>"},{"question":"How does process hollowing work?","answer":"<p>Process hollowing involves several steps:<\/p><ol><li>A legitimate process is created.<\/li><li>The code and memory of this process are replaced with malicious code.<\/li><li>The malicious code is executed within the context of the legitimate process, disguising its activities.<\/li><\/ol>"},{"question":"What are the key features of process hollowing?","answer":"<p>Process hollowing offers distinct advantages to attackers, including stealthiness, memory manipulation, and potential privilege escalation. By operating within a legitimate process, attackers can avoid detection mechanisms and execute code without writing files to disk.<\/p>"},{"question":"What types of process hollowing exist?","answer":"<p>There are several types of process hollowing:<\/p><ul><li>Classic Process Hollowing: Replaces the code of a legitimate process entirely.<\/li><li>Thread Execution Hijacking: Redirects the execution flow of a thread within a legitimate process.<\/li><li>Memory Replacement Technique: Partially replaces specific memory sections in the target process.<\/li><\/ul>"},{"question":"How is process hollowing used?","answer":"<p>Process hollowing has diverse applications, including malware deployment, anti-analysis measures, and privilege escalation. 
It challenges security solutions due to its stealthiness and can be mitigated using behavioral analysis and code signing.<\/p>"},{"question":"What challenges does process hollowing pose?","answer":"<p>Process hollowing is challenging to detect, and it's important to differentiate between malicious and legitimate uses. Traditional security measures struggle with its deceptive nature, which can lead to potential security breaches.<\/p>"},{"question":"How does process hollowing compare to code injection?","answer":"<p>Process hollowing involves executing code within a legitimate process, while code injection directly injects code into a target process. Process hollowing is stealthier but typically less persistent than code injection.<\/p>"},{"question":"What's the future outlook for process hollowing?","answer":"<p>Future developments might include polymorphic techniques and AI-driven attacks. Polymorphism could make malware appearance unpredictable, and AI may automate the process selection for attacks.<\/p>"},{"question":"How are proxy servers related to process hollowing?","answer":"<p>Proxy servers, like those provided by OneProxy, can be used by attackers to obscure their origin during process hollowing. Proxy servers also help obfuscate network traffic, making detection more difficult.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/478526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/478526\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media\/478527"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media?parent=478526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}