Slide 6
>_man inject
There are several well-known techniques
• Shellcode Inject or DLL Inject - OpenProcess, VirtualAllocEx (RWX), WriteProcessMemory, CreateRemoteThread
• Process Hollowing (aka RunPE) - OpenProcess, CreateProcessA (suspended), mapping the PE file (VirtualAllocEx + WriteProcessMemory), GetThreadContext, and ResumeThread to execute an exe file from memory
• Thread Hijack or AtomBombing - QueueUserAPC, Inline Hook, or IAT Hijack
• Memory Exploit (PowerLoaderEx) - SetWindowLong, SendNotifyMessage
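
Added example (not from the original slides): a detector that matches the call chains listed above, in order, per source/target process pair. The event tuple format, the "RWX"/"SUSPENDED" detail labels and the sample telemetry are assumptions constructed for illustration.

```python
from collections import defaultdict

# Ordered call chains from the slide; each step is (API, required detail or None).
SIGNATURES = {
    "shellcode/DLL inject": [("OpenProcess", None), ("VirtualAllocEx", "RWX"),
                             ("WriteProcessMemory", None), ("CreateRemoteThread", None)],
    # OpenProcess omitted here: CreateProcessA already returns the child's handles.
    "process hollowing": [("CreateProcessA", "SUSPENDED"), ("VirtualAllocEx", None),
                          ("WriteProcessMemory", None), ("GetThreadContext", None),
                          ("ResumeThread", None)],
    "PowerLoaderEx-style": [("SetWindowLong", None), ("SendNotifyMessage", None)],
}

def detect(events):
    """events: (actor_pid, target_pid, api, detail) in time order (assumed format).
    Returns sorted (actor, target, technique) for each chain completed in order."""
    progress = defaultdict(int)      # (actor, target, technique) -> next step index
    hits = set()
    for actor, target, api, detail in events:
        if actor == target:          # same-process calls are not cross-process injection
            continue
        for name, chain in SIGNATURES.items():
            key = (actor, target, name)
            want_api, want_detail = chain[progress[key]]
            if api == want_api and want_detail in (None, detail):
                progress[key] += 1
                if progress[key] == len(chain):
                    hits.add(key)
                    progress[key] = 0   # re-arm for a later repeat of the chain
    return sorted(hits)

# Constructed sample telemetry (not real logs); two chains are interleaved.
SAMPLE = [
    (100, 200, "OpenProcess", None),
    (100, 200, "VirtualAllocEx", "RWX"),
    (300, 301, "CreateProcessA", "SUSPENDED"),
    (100, 200, "WriteProcessMemory", None),
    (300, 301, "VirtualAllocEx", "RW"),
    (300, 301, "WriteProcessMemory", None),
    (100, 200, "CreateRemoteThread", None),
    (300, 301, "GetThreadContext", None),
    (300, 301, "ResumeThread", None),
    (400, 500, "OpenProcess", None),
    (400, 500, "VirtualAllocEx", "RW"),      # not RWX, so the inject chain stalls
    (400, 500, "CreateRemoteThread", None),
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

The QueueUserAPC, inline hook and IAT hijack entries are left out because a single call or an in-memory patch gives no ordered chain to match on.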