- Apr 9, 2020
- Content source
- https://youtu.be/tBR1-1J5Jec
This is an overview of all common process injection techniques used by malware, including AtomBombing, Process Hollowing (aka RunPE), and Process Doppelgänging.
Sources:
My process Injection overview infographic: Process Injection Info Graphic
Process Injection Techniques Gotta Catch Them All: https://i.blackhat.com/USA-19/Thurs...Injection-Techniques-Gotta-Catch-Them-All.pdf
Atom bombing: AtomBombing – A Brand New Code Injection Technique for Windows | FortiGuard Labs
Atom bombing: AtomBombing – A New Code Injection Attack
Process Doppelgänging: Process Doppelgänging – a new way to impersonate a process
DLL Injection via LoadLibrary/CreateRemoteThread: Three Ways to Inject Your Code into Another Process
DLL Search Order Hijacking (DLL injection that is not process injection): DLL Search Order Hijacking
Backdooring PE files with shellcode (code injection that is not process injection): https://www.ired.team/offensive-sec...ooring-portable-executables-pe-with-shellcode