This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
-
Updated
Apr 29, 2023 - C
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber
Various methods of executing shellcode
Download data from the internet bypassing the firewall using process injection
Poc for ELF64 runtime infection via GOT poisoning technique by elfmaster
PoC Linux process injection to hide execution of "benign" binary.
PG ITSi: ProcessInjection
Works in any version from Windows 7 to 11. Injection of malicious code into legitimate Windows processes for evasion and simple malware to gain unauthorized access, using the Windows API. Serves as proof of concept or intrusion detection exercises.
Malware development using C programming language and Windows32 API's
Add a description, image, and links to the process-injection topic page so that developers can more easily learn about it.
To associate your repository with the process-injection topic, visit your repo's landing page and select "manage topics."