ProcessInjectionTechniques

Process Injection Series

---

<div align="center"> <img width="500px" src="Assets/PE.jpg" /> </div>

This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques and methods used by adversaries.

---

Purpose

The purpose of the Process Injection Series is to share valuable knowledge with the cybersecurity community, particularly those eager to learn about malware development and advanced evasion techniques. Through this series, I aim to not only expand my own expertise but also provide a centralized resource for all tactics, techniques, and procedures (TTPs) related to process injection. By doing so, I hope to empower others with the skills and understanding needed to navigate and contribute to the evolving landscape of cybersecurity.

---

Shellcode

Throughout the series, I will be using my custom-generated shellcode, which displays a message box with the text "Hello from Offensive Panda." This shellcode serves as a consistent and straightforward payload for demonstrating various process injection techniques. However, you are encouraged to experiment with different shellcodes tailored to your needs, allowing you to explore and apply the concepts in ways that best suit your learning objectives or project requirements.

---

Covering Techniques

• Classic Code Injection Local Process
• Classic Code Injection Remote Process
• Classic Code Injection with API obfuscation
• Classic Code Injection using VirtualProtect
• Classic DLL Injection
• Reflective DLL Injection
• Unhook NTDLL.DLL (Lagos Island)
• Process Hollowing
• PE Injection
• AddressOfEntrypoint Injection
• APC Injection
• Early Bird Injection
• RWX Hunting and Injection
• Process Ghosting
• Module Stomping
• Remote Thread Hijacking
• PEB Walk Injection
• PEB Walk and API obfuscation
• NtCreateSection and NtMapViewOfSection
• Mokingjay
• Fork API Injection (Dirty Vanity)
• Injection Through Fibers
• NT APIs Injection
• Direct Syscalls
• Indirect Syscalls

---

Benefits

• Detailed Explaination: Step by Step walkthrough of each technique.
• Implementation: Implementation code available for each technique.
• Demonstartion: Demonstration videos available for each technique to understand the execution.

---

Demo

The following GIF showing the main page of process injection series.

---

Contact

For any inquiries or contributions, feel free to reach out to the ME.

---

Disclaimer

The content, techniques, and tools provided in this repository are intended solely for educational and research purposes within the cybersecurity community.

---

References

• https://attack.mitre.org/techniques/T1055/
• https://github.com/deepinstinct/Dirty-Vanity
• https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
• https://www.ired.team/
• https://github.com/jthuraisamy/SysWhispers2
• https://github.com/klezVirus/SysWhispers3
• https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop