Process Injection Variants Pack

Process Injection Variants Pack — 12 Techniques

Implementaciones limpias and documented of techniques of injection:

n
• Classic injection — VirtualAllocEx + WriteProcessMemory + CreateRemoteThread.
n
• APC injection — QueueUserAPC in thread alertable of the target process.
n
• Thread hijacking — SuspendThread + SetThreadContext + ResumeThread.
n
• Process hollowing — Create suspended process, unmap, write new PE, resume.
n
• Module stomping — Cargar DLL legitimate, onscribir su .text with shellcode.
n
• Transacted hollowing — Usa NTFS transactions for escribir PE without touching disk.
n
• Callback injection — Abuses callbacks of Windows API (EnumWindows, EnumFonts, etc.).
n
• Early bird — Inyecta in process antes of that its entry point ejecute.
n
• Phantom DLL hollowing — Mapea DLL from path inexistsnte, writes shellcode in the section.
n
• Atom bombing — Usa GlobalAtom table for escribir data in target process.
n
• NtMapViewOfSection — Shared section between processes for injection without WriteProcessMemory.
n
• Fiber injection — ConvertThreadToFiber + CreateFiber for executing shellcode.
n