Added link to string distance algorithm description
DavidJBianco committed Nov 30, 2016
1 parent c08e7a4 commit 2339ab1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion hunts/critical_process_impersonation.md
Expand Up @@ -18,7 +18,7 @@ Scripting

**Description**

A popular technique for hiding malware running on Windows systems is to give it a name that's confusingly similar to a legitimate Windows process, preferably one that is always present on all systems. Using a _string similarity_ algorithm, we can compare the names of running processes to a set of defined Windows system processes to look for this sort of impersonation.
A popular technique for hiding malware running on Windows systems is to give it a name that's confusingly similar to a legitimate Windows process, preferably one that is always present on all systems. Using a _string similarity_ algorithm ([Damerau-Levenshtein](https://en.wikipedia.org/wiki/Damerau%E2%80%93Levenshtein_distance) distance), we can compare the names of running processes to a set of defined Windows system processes to look for this sort of impersonation.

**Other Notes**

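Review bot: the new parenthetical in the Description paragraph names Damerau-Levenshtein, which is an edit distance (smaller values mean closer names), but the sentence still calls it a "string similarity algorithm". Suggest wording it as "Using a _string distance_ algorithm ([Damerau-Levenshtein](...))", which also matches the commit title. It would help to state here what distance counts as "confusingly similar", and that a distance of 0 is the legitimate name itself rather than a hit, so a reader implementing the hunt from this description knows how to read the score.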