Skip to content
/ ProcessInjectionTechniques Public

This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques and methods used by adversaries.

offensive-panda.github.io/processinjectiontechniques/

License

MIT license
263 stars 34 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Offensive-Panda/ProcessInjectionTechniques

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

127 Commits
APC_QUEUE_INJECTION
APC_QUEUE_INJECTION
 
 
AddressOfEntryPoint_Code_Injection
AddressOfEntryPoint_Code_Injection
 
 
Assets
Assets
 
 
Classic_Code_Injection_API_Obfuscate
Classic_Code_Injection_API_Obfuscate
 
 
Classic_Code_Injection_Local
Classic_Code_Injection_Local
 
 
Classic_Code_Injection_Remote
Classic_Code_Injection_Remote
 
 
Classic_Code_Injection_Remote_VP
Classic_Code_Injection_Remote_VP
 
 
Classic_DLL_Injection
Classic_DLL_Injection
 
 
DV_NEW
DV_NEW
 
 
DirectSyscalls
DirectSyscalls
 
 
EarlyBird_Code_Injection
EarlyBird_Code_Injection
 
 
IndirectSyscalls
IndirectSyscalls
 
 
Injection_Through_Fiber
Injection_Through_Fiber
 
 
Module_Stomping
Module_Stomping
 
 
Mokingjay
Mokingjay
 
 
NTAPI_Injection
NTAPI_Injection
 
 
NtCreateSection_MapViewOfSection
NtCreateSection_MapViewOfSection
 
 
PEB_WALK_API_OBFUSCATION
PEB_WALK_API_OBFUSCATION
 
 
PEB_WALK_INJECTION
PEB_WALK_INJECTION
 
 
PE_Code_Injection
PE_Code_Injection
 
 
Process_Ghosting
Process_Ghosting
 
 
Process_Hollowing
Process_Hollowing
 
 
RWX_Hunting_Injection
RWX_Hunting_Injection
 
 
Reflective_DLL_Injection
Reflective_DLL_Injection
 
 
Reflective_DLL_Loading_Lagos_Island
Reflective_DLL_Loading_Lagos_Island
 
 
Remote_Thread_Hijacking
Remote_Thread_Hijacking
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
_config.yml
_config.yml
 
 
index.html
index.html
 
 

Repository files navigation

Process Injection Series

This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques and methods used by adversaries.

Purpose

The purpose of the Process Injection Series is to share valuable knowledge with the cybersecurity community, particularly those eager to learn about malware development and advanced evasion techniques. Through this series, I aim to not only expand my own expertise but also provide a centralized resource for all tactics, techniques, and procedures (TTPs) related to process injection. By doing so, I hope to empower others with the skills and understanding needed to navigate and contribute to the evolving landscape of cybersecurity.

Shellcode

Throughout the series, I will be using my custom-generated shellcode, which displays a message box with the text "Hello from Offensive Panda." This shellcode serves as a consistent and straightforward payload for demonstrating various process injection techniques. However, you are encouraged to experiment with different shellcodes tailored to your needs, allowing you to explore and apply the concepts in ways that best suit your learning objectives or project requirements.

Covering Techniques

  • Classic Code Injection Local Process
  • Classic Code Injection Remote Process
  • Classic Code Injection with API obfuscation
  • Classic Code Injection using VirtualProtect
  • Classic DLL Injection
  • Reflective DLL Injection
  • Unhook NTDLL.DLL (Lagos Island)
  • Process Hollowing
  • PE Injection
  • AddressOfEntrypoint Injection
  • APC Injection
  • Early Bird Injection
  • RWX Hunting and Injection
  • Process Ghosting
  • Module Stomping
  • Remote Thread Hijacking
  • PEB Walk Injection
  • PEB Walk and API obfuscation
  • NtCreateSection and NtMapViewOfSection
  • Mokingjay
  • Fork API Injection (Dirty Vanity)
  • Injection Through Fibers
  • NT APIs Injection
  • Direct Syscalls
  • Indirect Syscalls

Benefits

  • Detailed Explaination: Step by Step walkthrough of each technique.
  • Implementation: Implementation code available for each technique.
  • Demonstartion: Demonstration videos available for each technique to understand the execution.

Demo

The following GIF showing the main page of process injection series. Demo

Contact

For any inquiries or contributions, feel free to reach out to the ME.

Disclaimer

The content, techniques, and tools provided in this repository are intended solely for educational and research purposes within the cybersecurity community.

References

About

This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques and methods used by adversaries.

offensive-panda.github.io/ProcessInjectionTechniques/

Resources

Readme

License

MIT license
Activity

Stars

263 stars

Watchers

4 watching

Forks

34 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages