Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Process hollowing replaces a suspended legitimate process's memory image with malicious code to masquerade as trusted, MITRE ATTACK T1055.012.
Process Hollowing Definition: Process hollowing replaces a suspended legitimate process's memory image with malicious code to masquerade as trusted, MITRE ATTACK T1055.012.
Process hollowing, also known as RunPE, is a code injection and defense evasion technique in which an attacker launches a legitimate process in a suspended state, unmaps (hollows out) its original executable image from memory, and replaces it with malicious code before resuming execution. This lets malware run under the guise of a trusted process, evading detection and bypassing application allowlisting. It is cataloged in MITRE ATTACK as technique T1055.012.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →