Thread Context Code Injection - Havoc C2

Jan 5, 2026
17:04

New to Maldev? Start with our Maldev 101 foundational series before diving in: https://www.rbtsec.com/blog/category/maldev/

In this video demonstration from RBT Security Labs, we break down Thread Context Code Injection, a classic process injection technique that hijacks an existing thread by modifying its execution context. Using a custom payload generated with the Havoc C2 framework, we show how an attacker can redirect a suspended thread’s instruction pointer to injected shellcode, allowing code execution inside a legitimate process such as notepad.exe.

This demo is focused on behavior and technique, helping defenders and researchers understand how attackers blend malicious execution into legitimate workloads.

Like & Subscribe for more real-world offensive security research from RBT Security Labs.

Follow Us:
Discord: https://discord.gg/UnHBp9FuGK
LinkedIn: https://www.linkedin.com/company/rbtsecurity/
Twitter: https://twitter.com/RBTSecurity
Facebook: https://www.facebook.com/RBTSecur1ty/
GitHub: https://github.com/rbtsecurity/

Contact Us: For business inquiries and collaborations, please email us at [email protected]

Educational Disclaimer: All content is intended for educational purposes only, to promote ethical hacking and security research.

#RedTeam #Maldev #ProcessInjection #WindowsInternals #OffensiveSecurity #RBTSecurity #CodeInjection #ThreadContextCodeInjection
