WDavid404 / Note_tryhackme


Host Evasions -- Windows #15

Open WDavid404 opened 7 months ago

WDavid404 commented 7 months ago

Process Abuse

At a high level, shellcode injection can be broken up into four steps:

  1. Open a target process with all access rights.
  2. Allocate target process memory for the shellcode.
  3. Write shellcode to allocated memory in the target process.
  4. Execute the shellcode using a remote thread.

Expand process abuse

At a high level, process hollowing can be broken up into six steps:

  1. Create a target process in a suspended state.
  2. Open a malicious image.
  3. Un-map legitimate code from process memory.
  4. Allocate memory locations for malicious code and write each section into the address space.
  5. Set an entry point for the malicious code.
  6. Take the target process out of a suspended state.

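Added defender-side illustration, not part of the original notes or of the TryHackMe material: step 1 of the shellcode-injection outline (a handle to the target with all access rights) and step 4 (a remote thread) each leave a Sysmon record, a ProcessAccess event (ID 10) carrying the GrantedAccess mask and a CreateRemoteThread event (ID 8). The script below correlates the two for the same source and target PID; the event dicts are constructed samples whose field names mirror Sysmon's.

```python
"""Correlate Sysmon ProcessAccess (ID 10) and CreateRemoteThread (ID 8) events.

Step 1 of the injection outline needs a handle with thread-creation and
memory-write rights on the target; step 4 produces a remote thread in it.
A source doing both against the same target in a short window is a strong
injection indicator, far stronger than either event on its own.
"""
from typing import Dict, List

# Windows process access rights (winnt.h), stable across versions.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

def has_injection_rights(granted_access: str) -> bool:
    """True if the GrantedAccess mask covers every right steps 1-3 require."""
    return int(granted_access, 16) & INJECTION_MASK == INJECTION_MASK

def find_injection_chains(events: List[Dict], window_s: int = 60) -> List[Dict]:
    """Pair an ID 10 handle open with injection rights to a later ID 8 remote
    thread from the same source PID into the same target PID within window_s."""
    opened = {}   # (source_pid, target_pid) -> time of qualifying handle open
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["SourceProcessId"], ev["TargetProcessId"])
        if ev["EventID"] == 10 and has_injection_rights(ev["GrantedAccess"]):
            opened[key] = ev["time"]
        elif ev["EventID"] == 8 and key in opened and ev["time"] - opened[key] <= window_s:
            hits.append({"source": ev["SourceImage"], "target": ev["TargetImage"],
                         "source_pid": key[0], "target_pid": key[1]})
    return hits

# Constructed sample events (not real telemetry); "time" is seconds since start.
SAMPLE_EVENTS = [
    {"EventID": 10, "time": 0, "SourceProcessId": 4012, "TargetProcessId": 1120,
     "SourceImage": r"C:\Users\lab\demo.exe", "TargetImage": r"C:\Windows\System32\notepad.exe",
     "GrantedAccess": "0x1FFFFF"},   # PROCESS_ALL_ACCESS, as in step 1
    {"EventID": 10, "time": 1, "SourceProcessId": 880, "TargetProcessId": 1120,
     "SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Windows\System32\notepad.exe",
     "GrantedAccess": "0x1000"},     # PROCESS_QUERY_LIMITED_INFORMATION only: benign
    {"EventID": 8, "time": 3, "SourceProcessId": 4012, "TargetProcessId": 1120,
     "SourceImage": r"C:\Users\lab\demo.exe", "TargetImage": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for hit in find_injection_chains(SAMPLE_EVENTS):
        print(f"injection chain: {hit['source']} -> {hit['target']}")
```

Sysmon only emits ID 10 and ID 8 for the processes its configuration includes, so the correlation is only as good as the ProcessAccess and CreateRemoteThread filters in the deployed config.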