Introduction

THM Room: Abusing Windows Internals

What?

Process injection is an old technique used by malware.

Why?

• Running without a process.

• Placing user-mode hooks for a rootkit or formgrabber.

• Bypassing antivirus/firewalls by injecting whitelisted processes.

How?

• Shellcode injection

• Process hollowing

• Thread execution hijacking

• Dynamic-link library injection

• Portable executable injection

• TrickBot

• More attacks in MITRE T1055