Secondary Categories: 02-Malware
Description:
It's generally good to inject your shellcode into your own process memory region; if that is not possible, inject your shellcode into a process that will generate network traffic.
KernelCallbackTable Method
Using this WinAPI function we can inject payloads into remote processes. This method is used by FinFisher/FinSpy and Lazarus in their malware campaigns.
To get this process injection method to work, you can spawn a sacrificial process and then inject into that.
Resources:
| Title | URL |
|---|---|
| Shellcode Loaders | https://frischkorn-nicholas.medium.com/windows-evasion-edrs-shellcode-loaders-e57db92de630 |
| KernelCallbackTable Capt. Meelo | https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html |
| modexp KernelCallback Table | https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/ |
Also Check Out:
- PLACEHOLDER