← LibraryTechnique entry
INJ-STACK-SPOOFDefense Evasion
Call-Stack Spoofing
Manipulate the return-address chain so EDRs that walk the stack see a legitimate origin (kernel32!CreateProcessW etc.).
§ Where this technique fits
INJ-STACK-SPOOF is catalogued under the Defense Evasion tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.