
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.


iilegacyyii/ThreadlessInject-BOF


Threadless Inject BOF

A Beacon Object File (BOF) implementation of ThreadlessInject by @_EthicalChaos_. It uses API hashing and calls NTAPI functions directly rather than going through the Windows API.

ThreadlessInject is a novel process injection technique that hooks an exported function in a remote process in order to gain shellcode execution. The original project was released after the author's talk at BSides Cymru 2023.
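A defender-side integrity check for the export hooking described above, as an added example that is not part of the original README or of either project: it compares the first bytes of an export read from a process's memory with the same bytes from the DLL on disk and reports a redirected prologue. The function names, addresses and byte strings are constructed for illustration, and the check assumes the hook appears as a rel32 call or jmp, which the README does not specify.

```python
import struct

# x86-64 opcodes that transfer control using a 32-bit relative displacement.
REL32_BRANCHES = {0xE8: "call", 0xE9: "jmp"}


def branch_target(code, address):
    """Return (mnemonic, target) if code begins with a rel32 call/jmp, else None."""
    if len(code) < 5 or code[0] not in REL32_BRANCHES:
        return None
    (disp,) = struct.unpack_from("<i", code, 1)
    # The displacement is relative to the end of the 5-byte instruction.
    return REL32_BRANCHES[code[0]], (address + 5 + disp) & 0xFFFFFFFFFFFFFFFF


def check_export(name, address, disk_bytes, mem_bytes, module_range):
    """Compare an export's on-disk prologue with the copy read from memory."""
    n = min(len(disk_bytes), len(mem_bytes))
    changed = [i for i in range(n) if disk_bytes[i] != mem_bytes[i]]
    finding = {"export": name, "modified": bool(changed), "offsets": changed,
               "redirect": None, "outside_module": False}
    hit = branch_target(mem_bytes, address) if changed else None
    if hit:
        lo, hi = module_range
        finding["redirect"] = hit
        # A branch leaving the module's mapped image is the strongest signal.
        finding["outside_module"] = not (lo <= hit[1] < hi)
    return finding


# Constructed sample data (not taken from a real system).
MODULE_RANGE = (0x7FFB10000000, 0x7FFB10200000)   # hypothetical DLL mapping
EXPORT_ADDR = 0x7FFB10000D50                       # hypothetical export address
DISK = bytes.fromhex("4c8bd1b833000000")           # mov r10, rcx; mov eax, 0x33
CLEAN = DISK                                       # memory matches the file
PATCHED = bytes.fromhex("e8abf2feff000000")        # call 0x7FFB0FFF0000

if __name__ == "__main__":
    for label, mem in (("clean", CLEAN), ("patched", PATCHED)):
        print(label, check_export("NtOpenFile", EXPORT_ADDR, DISK, mem, MODULE_RANGE))
```

Security products also patch export prologues, so a finding from this check needs triage against known hooking modules rather than being treated as proof of injection.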

Usage

threadless-inject <pid> <dll> <export function> <shellcode path>

Examples

For the sake of example, all process IDs are assumed to be 1234.

Inject into chrome.exe, execute shellcode when process closes

threadless-inject 1234 ntdll.dll NtTerminateProcess shellcode.bin

Inject into notepad.exe, execute upon file open

threadless-inject 1234 ntdll.dll NtOpenFile shellcode.bin

Credits
