enSilo technical specialists informed the participants of the Black Hat Europe 2017 conference about the emergence of a new method of attacks on personal computers. The new method, called Process Doppelgänging, allows hackers to bypass all available anti-virus programs and extract confidential user data from all versions of Windows OS. EnSilo security specialists have overcome almost all anti-virus programs: Kaspersky Lab, ESET, Symantec, McAfee, Windows Defender, AVG, Avast, Bitdefender, Qihoo 360, Panda and Volatility (special antivirus for cybercriminals). Computers were running Windows 10, 8.1 and 7 SP1. Process Doppelgänging is similar to Process Hollowing in the method of penetrating and stealing data. The essence of the penetration method is to create a legitimate process and further replace the secure code – a code for hacking personal data. The main antivirus programs have already adapted to Process Hollowing and learned how to effectively block it. EnSilo specialists have improved the attack technique to complicate its detection. Process Doppelgänging is based on the use of NTFS to modify legitimate files and execute malicious code that does not reach the user’s computer, which complicates its detection. As a demonstration of the Process Doppelgänging methodology, the Mimikatz program was launched, designed to steal and recover passwords. Attackers must have knowledge about the work and the creation of processes, which so far makes attacks using this method a single occurrence. However, protection against Process Doppelgänging cannot be set by releasing another patch – attackers work with fundamental Windows mechanisms.