{"id":4362,"date":"2025-03-08T09:00:49","date_gmt":"2025-03-08T02:00:49","guid":{"rendered":"https:\/\/www.linuxid.net\/istilah\/?p=4362"},"modified":"2025-03-08T09:00:49","modified_gmt":"2025-03-08T02:00:49","slug":"process-hollowing","status":"publish","type":"post","link":"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/","title":{"rendered":"process hollowing"},"content":{"rendered":"<p>Process hollowing is a security exploit in which an attacker removes the code in an executable file and replaces it with malicious code. Process hollowing attacks are used by hackers to make a seemingly legitimate process run malicious code. The attack can be carried out while evading detection by security software.<\/p>\n<p>Process hollowing exploits often begin with a malicious link in a <a href=\"https:\/\/www.linuxid.net\/istilah\/phishing\/\">phishing email<\/a>. For example, a Windows user might click one of the infected links, which then executes a <a href=\"https:\/\/www.linuxid.net\/istilah\/PowerShell\/\">PowerShell<\/a> command. This command can download and install the attacker's <a href=\"https:\/\/www.linuxid.net\/istilah\/malware\/\">malware<\/a>.<\/p>\n<p>Like other types of code injection attacks, process hollowing can be difficult to detect.<\/p>\n<h2>How does process hollowing work?<\/h2>\n<p>The malware used typically allows the attacker to make a small, normal-looking change to a program, such as &#8220;adding a pause during the launch process.&#8221; During this pause, the attacker can remove the original code in the program's executable file and replace it with malicious code. This process is called hollowing. 
When the program launch resumes, the code that actually executes is the attacker's code, before the program eventually runs as usual.<\/p>\n<p>In essence, process hollowing lets an attacker turn a legitimate executable file into a malicious <a href=\"https:\/\/www.linuxid.net\/istilah\/container-containerization-or-container-based-virtualization\/\">container<\/a> that still appears trustworthy. As a result, the antimalware software on the victim's device may not notice that the code has been swapped.<\/p>\n<h2>How to deal with process hollowing<\/h2>\n<p>Preventing process hollowing attacks is quite difficult because the technique exploits system processes that are genuinely required. Detecting the attack is also difficult because the malicious code can erase its own traces from disk to avoid identification. As a result, many security vendors recommend post-attack strategies for dealing with process hollowing.<\/p>\n<p>Because of these challenges, a new market segment has emerged for dealing with advanced threats (<a href=\"https:\/\/www.linuxid.net\/istilah\/advanced-persistent-threat-APT\/\">APT<\/a>). The research firm <a href=\"https:\/\/www.linuxid.net\/istilah\/Gartner\/\">Gartner<\/a> calls this new segment &#8220;endpoint detection and response (<a href=\"https:\/\/www.linuxid.net\/istilah\/endpoint-detection-and-response-EDR\/\">EDR<\/a>).&#8221; EDR focuses on building tools that can detect and investigate suspicious activity and other security problems on endpoint devices.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Process hollowing is a security exploit in which an attacker removes the code in an executable file and replaces it with malicious code. Process hollowing attacks are used by hackers to make a seemingly legitimate process run malicious code. The attack can be carried out while evading detection by security software. 
Process hollowing exploits often begin with a malicious link in a phishing email. For example, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[236],"tags":[104],"class_list":["post-4362","post","type-post","status-publish","format-standard","hentry","category-it-management","tag-technical-support"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Apa itu process hollowing? - Istilah Komputer<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/\" \/>\n<meta property=\"og:locale\" content=\"id_ID\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apa itu process hollowing? - Istilah Komputer\" \/>\n<meta property=\"og:description\" content=\"Process hollowing adalah eksploitasi keamanan di mana penyerang menghapus kode dalam file eksekusi dan menggantinya dengan kode berbahaya. Serangan process hollowing digunakan oleh hacker untuk membuat proses yang tampaknya sah menjalankan kode jahat. Serangan ini bisa dilakukan sambil menghindari deteksi oleh software keamanan. Eksploitasi process hollowing sering dimulai melalui tautan berbahaya dalam email phishing. 
Misalnya, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/\" \/>\n<meta property=\"og:site_name\" content=\"Istilah Komputer\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-08T02:00:49+00:00\" \/>\n<meta name=\"author\" content=\"adhit\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Ditulis oleh\" \/>\n\t<meta name=\"twitter:data1\" content=\"adhit\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimasi waktu membaca\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 menit\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/\",\"url\":\"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/\",\"name\":\"Apa itu process hollowing? - Istilah Komputer\",\"isPartOf\":{\"@id\":\"https:\/\/linuxid.net\/istilah\/#website\"},\"datePublished\":\"2025-03-08T02:00:49+00:00\",\"author\":{\"@id\":\"https:\/\/linuxid.net\/istilah\/#\/schema\/person\/ec7c6c711087fb70886ff5a4fe68e83d\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/#breadcrumb\"},\"inLanguage\":\"id\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/linuxid.net\/istilah\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"process hollowing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/linuxid.net\/istilah\/#website\",\"url\":\"https:\/\/linuxid.net\/istilah\/\",\"name\":\"Istilah 
Komputer\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/linuxid.net\/istilah\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"id\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/linuxid.net\/istilah\/#\/schema\/person\/ec7c6c711087fb70886ff5a4fe68e83d\",\"name\":\"adhit\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"id\",\"@id\":\"https:\/\/linuxid.net\/istilah\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.linuxid.net\/istilah\/wp-content\/litespeed\/avatar\/808829c8eb1b70c161b392916104c2ba.jpg?ver=1777193465\",\"contentUrl\":\"https:\/\/www.linuxid.net\/istilah\/wp-content\/litespeed\/avatar\/808829c8eb1b70c161b392916104c2ba.jpg?ver=1777193465\",\"caption\":\"adhit\"},\"sameAs\":[\"https:\/\/linuxid.net\/istilah\"],\"url\":\"https:\/\/www.linuxid.net\/istilah\/author\/xsandradietsax\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apa itu process hollowing? - Istilah Komputer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/","og_locale":"id_ID","og_type":"article","og_title":"Apa itu process hollowing? - Istilah Komputer","og_description":"Process hollowing adalah eksploitasi keamanan di mana penyerang menghapus kode dalam file eksekusi dan menggantinya dengan kode berbahaya. Serangan process hollowing digunakan oleh hacker untuk membuat proses yang tampaknya sah menjalankan kode jahat. Serangan ini bisa dilakukan sambil menghindari deteksi oleh software keamanan. Eksploitasi process hollowing sering dimulai melalui tautan berbahaya dalam email phishing. 
Misalnya, [&hellip;]","og_url":"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/","og_site_name":"Istilah Komputer","article_published_time":"2025-03-08T02:00:49+00:00","author":"adhit","twitter_card":"summary_large_image","twitter_misc":{"Ditulis oleh":"adhit","Estimasi waktu membaca":"1 menit"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/","url":"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/","name":"Apa itu process hollowing? - Istilah Komputer","isPartOf":{"@id":"https:\/\/linuxid.net\/istilah\/#website"},"datePublished":"2025-03-08T02:00:49+00:00","author":{"@id":"https:\/\/linuxid.net\/istilah\/#\/schema\/person\/ec7c6c711087fb70886ff5a4fe68e83d"},"breadcrumb":{"@id":"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/#breadcrumb"},"inLanguage":"id","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.linuxid.net\/istilah\/process-hollowing\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.linuxid.net\/istilah\/process-hollowing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/linuxid.net\/istilah\/"},{"@type":"ListItem","position":2,"name":"process hollowing"}]},{"@type":"WebSite","@id":"https:\/\/linuxid.net\/istilah\/#website","url":"https:\/\/linuxid.net\/istilah\/","name":"Istilah 
Komputer","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/linuxid.net\/istilah\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"id"},{"@type":"Person","@id":"https:\/\/linuxid.net\/istilah\/#\/schema\/person\/ec7c6c711087fb70886ff5a4fe68e83d","name":"adhit","image":{"@type":"ImageObject","inLanguage":"id","@id":"https:\/\/linuxid.net\/istilah\/#\/schema\/person\/image\/","url":"https:\/\/www.linuxid.net\/istilah\/wp-content\/litespeed\/avatar\/808829c8eb1b70c161b392916104c2ba.jpg?ver=1777193465","contentUrl":"https:\/\/www.linuxid.net\/istilah\/wp-content\/litespeed\/avatar\/808829c8eb1b70c161b392916104c2ba.jpg?ver=1777193465","caption":"adhit"},"sameAs":["https:\/\/linuxid.net\/istilah"],"url":"https:\/\/www.linuxid.net\/istilah\/author\/xsandradietsax\/"}]}},"_links":{"self":[{"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/posts\/4362","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/comments?post=4362"}],"version-history":[{"count":0,"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/posts\/4362\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/media?parent=4362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/categories?post=4362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.linuxid.net\/istilah\/wp-json\/wp\/v2\/tags?post=4362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":tru
e}]}}