Process-Injection on Jesus Oseguerahttps://r0tbyt3.dev/tags/process-injection/Recent content in Process-Injection on Jesus OsegueraHugoen-usAPI Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/api-hooking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/api-hooking/API Hooking API Hooking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionCross-Architecture Injection x86 to x64https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/cross-architecture-injection-x86-to-x64/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/cross-architecture-injection-x86-to-x64/Cross-Architecture Injection x86 to x64 Cross-Architecture Injection x86 to x64 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionDLL Injection via ZwCreateThreadEx Kernelhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/dll-injection-via-zwcreatethreadex-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/dll-injection-via-zwcreatethreadex-kernel/DLL Injection via ZwCreateThreadEx Kernel DLL Injection via ZwCreateThreadEx Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionFunction Stompinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/function-stomping/Function Stomping Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionGhost Process Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghost-process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghost-process-injection/Ghost Process Injection Ghost Process Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionGhostly Hollowinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghostly-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghostly-hollowing/Ghostly Hollowing Ghostly Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionHardware Breakpoint Hooking Libraryhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-hooking-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-hooking-library/Hardware Breakpoint Hooking Library Hardware Breakpoint Hooking Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionHardware Breakpoint Threadless Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-threadless-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-threadless-injection/Hardware Breakpoint Threadless Injection Hardware Breakpoint Threadless Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionHellshallhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hellshall/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hellshall/Hellshall Hellshall - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionHerpaderping Hollowinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-hollowing/Herpaderping Hollowing Herpaderping Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionHerpaderping Process Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-process-injection/Herpaderping Process Injection Herpaderping Process Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionKnownDLL Cache Poisoning Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/knowndll-cache-poisoning-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/knowndll-cache-poisoning-injection/KnownDLL Cache Poisoning Injection KnownDLL Cache Poisoning Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionLibrary Proxy Loadinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/library-proxy-loading/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/library-proxy-loading/Library Proxy Loading Library Proxy Loading - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionLocal APC Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-apc-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-apc-injection/Local APC Injection Local APC Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionLocal DLL Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-dll-injection/Local DLL Injection Local DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionLocal Function Stompinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-function-stomping/Local Function Stomping Local Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionLocal Mapping Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-mapping-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-mapping-injection/Local Mapping Injection Local Mapping Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionModule Overloadinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-overloading/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-overloading/Module Overloading Module Overloading - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionModule Stompinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-stomping/Module Stomping Module Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionMultiple Anti-Debugging Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-anti-debugging-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-anti-debugging-techniques/Multiple Anti-Debugging Techniques Multiple Anti-Debugging Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionMultiple Payload Execution Control Methodshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-payload-execution-control-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-payload-execution-control-methods/Multiple Payload Execution Control Methods Multiple Payload Execution Control Methods - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPatchless Threadless Injection via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/patchless-threadless-injection-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/patchless-threadless-injection-via-hardware-breakpoints/Patchless Threadless Injection via Hardware Breakpoints Patchless Threadless Injection via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution Controlhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control/Payload Execution Control Payload Execution Control - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution Control via Eventshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-events/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-events/Payload Execution Control via Events Payload Execution Control via Events - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution Control via Mutexeshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-mutexes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-mutexes/Payload Execution Control via Mutexes Payload Execution Control via Mutexes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution Control via Semaphoreshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-semaphores/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-semaphores/Payload Execution Control via Semaphores Payload Execution Control via Semaphores - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via Callbackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-callbacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-callbacks/Payload Execution via Callbacks Payload Execution via Callbacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via CertEnumSystemStore Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstore-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstore-callback/Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStore Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via CertEnumSystemStoreLocation Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstorelocation-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstorelocation-callback/Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CertEnumSystemStoreLocation Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via CopyFileExW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-copyfileexw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-copyfileexw-callback/Payload Execution via CopyFileExW Callback Payload Execution via CopyFileExW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via CryptEnumOIDInfo Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-cryptenumoidinfo-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-cryptenumoidinfo-callback/Payload Execution via CryptEnumOIDInfo Callback Payload Execution via CryptEnumOIDInfo Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumCalendarInfoW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumcalendarinfow-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumcalendarinfow-callback/Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumCalendarInfoW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumDesktopsW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopsw-callback/Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumDesktopWindows Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopwindows-callback/Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDesktopWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumDirTreeW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdirtreew-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdirtreew-callback/Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDirTreeW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumDisplayMonitors Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdisplaymonitors-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdisplaymonitors-callback/Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumDisplayMonitors Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumerateLoadedModules Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumerateloadedmodules-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumerateloadedmodules-callback/Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumerateLoadedModules Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumFontFamiliesW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontfamiliesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontfamiliesw-callback/Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontFamiliesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumFontsW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontsw-callback/Payload Execution via EnumFontsW Callback Payload Execution via EnumFontsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumLanguageGroupLocalesW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumlanguagegrouplocalesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumlanguagegrouplocalesw-callback/Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumLanguageGroupLocalesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumObjects Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumobjects-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumobjects-callback/Payload Execution via EnumObjects Callback Payload Execution via EnumObjects Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumPageFilesW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpagefilesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpagefilesw-callback/Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPageFilesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumPropsW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpropsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpropsw-callback/Payload Execution via EnumPropsW Callback Payload Execution via EnumPropsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumPwrSchemes Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpwrschemes-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpwrschemes-callback/Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumPwrSchemes Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumResourceTypesW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumresourcetypesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumresourcetypesw-callback/Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumResourceTypesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumSystemLocalesEx Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumsystemlocalesex-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumsystemlocalesex-callback/Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumSystemLocalesEx Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumThreadWindows Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumthreadwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumthreadwindows-callback/Payload Execution via EnumThreadWindows Callback Payload Execution via EnumThreadWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumTimeFormatsEx Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumtimeformatsex-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumtimeformatsex-callback/Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumTimeFormatsEx Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumWindows Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindows-callback/Payload Execution via EnumWindows Callback Payload Execution via EnumWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via EnumWindowStationsW Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindowstationsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindowstationsw-callback/Payload Execution via EnumWindowStationsW Callback Payload Execution via EnumWindowStationsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via Fibershttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-fibers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-fibers/Payload Execution via Fibers Payload Execution via Fibers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via FlsAlloc Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-flsalloc-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-flsalloc-callback/Payload Execution via FlsAlloc Callback Payload Execution via FlsAlloc Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via ImageGetDigestStream Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-imagegetdigeststream-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-imagegetdigeststream-callback/Payload Execution via ImageGetDigestStream Callback Payload Execution via ImageGetDigestStream Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via ImmEnumInputContext Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-immenuminputcontext-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-immenuminputcontext-callback/Payload Execution via ImmEnumInputContext Callback Payload Execution via ImmEnumInputContext Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via InitOnceExecuteOnce Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-initonceexecuteonce-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-initonceexecuteonce-callback/Payload Execution via InitOnceExecuteOnce Callback Payload Execution via InitOnceExecuteOnce Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via SymEnumProcesses Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumprocesses-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumprocesses-callback/Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumProcesses Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via SymEnumSourceFiles Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumsourcefiles-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumsourcefiles-callback/Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymEnumSourceFiles Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionPayload Execution via SymFindFileInPath Callbackhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symfindfileinpath-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symfindfileinpath-callback/Payload Execution via SymFindFileInPath Callback Payload Execution via SymFindFileInPath Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionProcess Hollowinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hollowing/Process Hollowing Process Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionProcess Hypnosishttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hypnosis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hypnosis/Process Hypnosis Process Hypnosis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionProcess Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/Process Injection Process Injection - techniques for executing arbitrary code inside the address space of a legitimate process to evade detection and gain privileges. API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Execution Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Sleep Obfuscation Windows InternalsProxy Execute NtAllocateVirtualMemory with Timer APIs Chttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-timer-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-timer-apis-c/Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Timer APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionProxy Execute NtAllocateVirtualMemory with Work Item APIs Chttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-work-item-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-work-item-apis-c/Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionProxy Execute NtCreateThreadEx with Work Item APIs Chttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntcreatethreadex-with-work-item-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntcreatethreadex-with-work-item-apis-c/Proxy Execute NtCreateThreadEx with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionReflective DLL Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reflective-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reflective-dll-injection/Reflective DLL Injection Reflective DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionReimplementing Injection via Syscallshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reimplementing-injection-via-syscalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reimplementing-injection-via-syscalls/Reimplementing Injection via Syscalls Reimplementing Injection via Syscalls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionRemote APC Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-apc-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-apc-injection/Remote APC Injection Remote APC Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionRemote DLL Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-dll-injection/Remote DLL Injection Remote DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionRemote Function Stompinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-function-stomping/Remote Function Stomping Remote Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionRemote Mapping Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-mapping-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-mapping-injection/Remote Mapping Injection Remote Mapping Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionRemote Module Stompinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-module-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-module-stomping/Remote Module Stomping Remote Module Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionRemote Payload Execution via Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-payload-execution-via-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-payload-execution-via-injection/Remote Payload Execution via Injection Remote Payload Execution via Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionROP Hellshallhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/rop-hellshall/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/rop-hellshall/ROP Hellshall ROP Hellshall - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionRunPEhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/runpe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/runpe/RunPE RunPE - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionShellcode Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection/Shellcode Injection Shellcode Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionShellcode Injection via ZwCreateThreadEx Kernelhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection-via-zwcreatethreadex-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection-via-zwcreatethreadex-kernel/Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Injection via ZwCreateThreadEx Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionShellcode Reflective DLL Injection (sRDI) Techniquehttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-reflective-dll-injection-srdi-technique/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-reflective-dll-injection-srdi-technique/Shellcode Reflective DLL Injection (sRDI) Technique Shellcode Reflective DLL Injection (sRDI) Technique - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code ExecutionThread Hijacking Kernelhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/thread-hijacking-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/thread-hijacking-kernel/Thread Hijacking Kernel Thread Hijacking Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Threadless Injection VEH Manipulation for Local Code ExecutionThreadless Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/threadless-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/threadless-injection/Threadless Injection Threadless Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel VEH Manipulation for Local Code ExecutionVEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/veh-manipulation-for-local-code-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/veh-manipulation-for-local-code-execution/VEH Manipulation for Local Code Execution VEH Manipulation for Local Code Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection