Malware Theory - Process Injection
This is an overview of common process injection techniques used by malware, including AtomBombing, Process Hollowing (aka RunPE) and Process Doppelgänging.

Malware analysis courses: https://malwareanalysis-for-hedgehogs.learnworlds.com/courses
Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel

My process injection overview infographic: http://struppigel.blogspot.com/2017/07/process-injection-info-graphic.html
Process Injection Techniques - Gotta Catch Them All: https://i.blackhat.com/USA-19/Thursday/us-19-Kotler-Process-Injection-Techniques-Gotta-Catch-Them-All.pdf
AtomBombing: https://www.fortinet.com/blog/threat-research/atombombing-brand-new-code-injection-technique-for-windows
AtomBombing: https://www.enisa.europa.eu/publications/info-notes/atombombing-2013-a-new-code-injection-attack
Process Doppelgänging: https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/
Hasherezade's video on creating the illusion of executing a TXT file: https://www.youtube.com/watch?v=XmWOj-cfixs
DLL injection: https://en.wikipedia.org/wiki/DLL_injection
DLL injection via LoadLibrary/CreateRemoteThread: https://www.codeproject.com/Articles/4610/Three-Ways-to-Inject-Your-Code-into-Another-Proces
DLL search order hijacking (DLL injection that is not process injection): https://dmcxblue.gitbook.io/red-team-notes/persistence/dll-search-order-hijacking
Backdooring PE files with shellcode (code injection that is not process injection): https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode