Process Injection

Secondary Categories: 02-Malware

Description:

Its generally good to inject your shellcode into your own process memory region and if not then inject you shellcode into a process that will generate network traffic

KernelCallbackTable Method

Using this WinAPI function we can inject payloads into remote processes. This method is used by FinFisher/FinSpy and Lazarus in their malware campaigns.

To get this process injection method to work you can spawn a sacraficial process then inject into that.

Resources:

Title	URL
Shellcode Loaders	https://frischkorn-nicholas.medium.com/windows-evasion-edrs-shellcode-loaders-e57db92de630
KernelCallbackTable Capt. Meelo	https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
modexp KernelCallback Table	https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Process Injection

Description:

KernelCallbackTable Method

Resources:

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer