Classic Process Injection
Injection
Technique Details
Description
Classic Windows process injection is a technique in which a program opens a target process, allocates memory inside it, writes malicious code into that memory, and creates a remote thread to execute the injected payload.
Dependencies
windows.h
Mitigations
API Hooking & EDR Monitoring
Memory Scanning
Steps
– Find the target
– Open the process
– Allocate memory inside the remote process
– Write the shellcode into the newly allocated memory
– Create a remote thread pointing to the memory region that holds the shellcode
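The steps above leave an ordered trail that the "API Hooking & EDR Monitoring" mitigation can key on. The following detection sketch is an added example, not code from this page: it flags a process that performs steps 2 to 5 against another process within a time window. The event schema, the 30-second window and the sample events are assumptions, and the Win32 call names are the ones commonly associated with these steps, since the page itself names only the steps.

```python
# Win32 calls commonly used for steps 2-5 above, in order (assumed; the page
# lists the steps, not the API names).
CHAIN = ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")
WINDOW = 30.0  # assumed max seconds from first to last step

def find_injection_chains(events, window=WINDOW):
    """Return (src_pid, dst_pid, first_ts, last_ts) for each complete chain.

    events: dicts with keys ts, src_pid, dst_pid, api (hypothetical schema;
    map your EDR or API-hook telemetry onto it).
    """
    progress = {}  # (src, dst) -> (next expected step index, ts of first step)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, dst, api, ts = ev["src_pid"], ev["dst_pid"], ev["api"], ev["ts"]
        if src == dst or api not in CHAIN:
            continue  # calls on the caller's own process are not remote injection
        step, start = progress.get((src, dst), (0, ts))
        if ts - start > window:
            step, start = 0, ts  # partial chain went stale: start over
        if api != CHAIN[step]:
            continue  # repeated or out-of-order call: keep waiting for the next step
        step += 1
        if step == len(CHAIN):
            alerts.append((src, dst, start, ts))
            progress.pop((src, dst), None)
        else:
            progress[(src, dst)] = (step, start)
    return alerts

# Constructed sample telemetry (not captured from a real system).
SAMPLE_EVENTS = [
    {"ts": 1.0, "src_pid": 4120, "dst_pid": 812, "api": "OpenProcess"},
    {"ts": 1.1, "src_pid": 977, "dst_pid": 977, "api": "VirtualAllocEx"},   # self-targeted
    {"ts": 1.2, "src_pid": 4120, "dst_pid": 812, "api": "VirtualAllocEx"},
    {"ts": 1.3, "src_pid": 600, "dst_pid": 812, "api": "OpenProcess"},
    {"ts": 1.4, "src_pid": 4120, "dst_pid": 812, "api": "WriteProcessMemory"},
    {"ts": 1.5, "src_pid": 600, "dst_pid": 812, "api": "CreateRemoteThread"},  # no alloc/write
    {"ts": 1.6, "src_pid": 4120, "dst_pid": 812, "api": "CreateRemoteThread"},
]

if __name__ == "__main__":
    for src, dst, t0, t1 in find_injection_chains(SAMPLE_EVENTS):
        print(f"ALERT pid {src} -> pid {dst}: full chain in {t1 - t0:.1f}s")
```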
Code
- C++
- Rust
⚠️ Note: The Rust code examples shown here are not exhaustively tested in all environments or edge cases.
Proof of Concept