I have already discussed about Early Bird APC Injection using QueueUserAPC method on this blog. On a high level, with respect to the old method, we start by creating a suspended process example Not...

In the previous blog, we discussed how to get around Windows Defender by using payload obfuscation. This time, we’ll go over how to get the beacon into our sliver C2 undetected by using shellcode ...

Shellcode We have already discussed about process injection using shellcode which pretty much explains about why and how to use it. Giving the background again, shellcode is just a collection of i...

Last month, I discovered a couple of issues related to Exported Activities and Intent Injections. These vulnerabilities were either unreported or reported in a manner that underestimated their impa...

Process Hollowing CreateProcess CreateFile VirtualAllocEx ReBaseImage64 CreateFileMapping, MapViewOfFileEx WriteProcessMemory NtQueryInformationProcess GetThreadContext, SetThreadContext ResumeThr...

Process Injection - Reflective DLL Injection

Process Injection - DLL Injection DLL Injection is a kind of process injection techniques but unlike loading shellcode into a running process, DLL Injection involves injecting and loading a malicio...

Process Injection (ShellCode) - QueueUserAPC APC (Asynchronous Procedure Call) on Windows involves threads having APC queues for functions that execute only under specific thread conditions. When ...

Process Injection - Shellcode In this blog, we are going to discuss how we can perform a generic shellcode injection inside a running process and the functions needed to do it. Generally, shellco...

Process Injection It is a technique to inject malicious code (can be on any form, ex shellcode, DLLs) into the legitimate process. It executes the code in the address space of the running process ...