Reflective DLL Injection

Executing DLLs from memory.

DLL Injection

Injecting DLLs into remote processes.

Interacting with Foreign Handlers

Writing stagers to interact with foreign C2 frameworks.

Persistence Mechanisms

Maintaining access to a target system.

Password Filters

Using password filters to intercept logon credentials.

Keystroke Logging

Logging keystrokes with SetWindowsHookEx.

Process Mitigation Policies & ACG

Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.

Parent Process ID Spoofing

Supplying arbitrary PPID values to CreateProcess.

Shellcode Obfuscation

Encoding shellcode for use within malware.

Import Address Tables

Hiding IAT entries to evade detection.

Malicious Nim Code

Using Nim to write some simple tools.

System Call Execution

Writing a process injection tool using direct system calls.

ClickOnce Droppers

Creating a ClickOnce installer for phishing campaigns.

NT API Shellcode Execution

Process Injection using NtCreateSection and NtMapViewOfSection.

Access Token Manipulation

Assuming other users' identities by copying access tokens.

Shellcode Execution via Fibers

Using fibers instead of threads to run shellcode.

Process Argument Spoofing

Modifying the Process Environment Block for process argument spoofing.

Windows Defender Memory Scanning Evasion

Evading Windows Defender memory scanning.