awesome-injection
awesome-injection copied to clipboard
itaymigdal
Centralized resource for listing and organizing known injection techniques and POCs
Centralized resource for listing and organizing known injection techniques and POCs
- Introduction
- Linux Injection
- Process Spawning
- LD_PRELOAD
- Process Injection
- PTRACE
- Proc Memory
- Process Spawning
- Windows Injection
- Process Spawning
- Process Hollowing
- Transacted Hollowing
- Process Doppelganging
- Process Herpaderping
- Process Ghosting
- Early Bird
- EntryPoint Patching
- Ruy-Lopez
- Process Injection
- Classic Dll Injection
- Classic Shellcode Injection
- Dll Injection via SetWindowsHookEx
- Reflective Dll Injection
- PE Injection
- Section Mapping Injection
- APC Queue Injection
- Thread Execution Hijacking
- Atom Bombing Injection
- Mocking jay Injection
- ListPlanting Injection
- Extra Window Memory Injection
- ThreadlessInject
- EPI
- DllNotification Injection
- D1rkInject
- NtQueueAPCThreadEx Gadget Injection
- Dirty-Vanity
- Function Stomping
- Caro-Kann
- Stack Bombing
- Ghost Writing
- Mapping Injection with Instrumentation Callback
- SetProcessInjection
- Pool Party Injection
- Process Spawning
Introduction
I've been thinking about putting together a list of process injection techniques and ingenious POCs because I haven't found a decent one. This list focuses on process-spawning injection methods and actual process injection, excluding pre-execution techniques (e.g. AppCert and AppInit Dlls), and self-injection techniques.
PRs are welcome to help me maintain and extend this list!
Linux Injection
Process Spawning
LD_PRELOAD
- https://attack.mitre.org/techniques/T1574/006/
Process Injection
PTRACE
- https://attack.mitre.org/techniques/T1055/008/
- https://github.com/kubo/injector
Proc Memory
- https://attack.mitre.org/techniques/T1055/009/
- https://github.com/DavidBuchanan314/dlinject
- https://github.com/AonCyberLabs/Cexigua
Windows Injection
Process Spawning
Process Hollowing
- https://attack.mitre.org/techniques/T1055/012/
- https://github.com/m0n0ph1/Process-Hollowing
Transacted Hollowing
- https://github.com/hasherezade/transacted_hollowing
Process Doppelganging
- https://attack.mitre.org/techniques/T1055/013/
- https://github.com/hasherezade/process_doppelganging
Process Herpaderping
- https://github.com/jxy-s/herpaderping
Process Ghosting
- https://github.com/hasherezade/process_ghosting
Early Bird
- https://www.cyberbit.com/endpoint-security/new-early-bird-code-injection-technique-discovered/
- https://www.ired.team/offensive-security/code-injection-process-injection/early-bird-apc-queue-code-injection
EntryPoint Patching
- https://www.ired.team/offensive-security/code-injection-process-injection/addressofentrypoint-code-injection-without-virtualallocex-rwx
Ruy-Lopez
- https://github.com/S3cur3Th1sSh1t/Ruy-Lopez
Process Injection
Classic Dll Injection
- https://attack.mitre.org/techniques/T1055/001/
- https://www.ired.team/offensive-security/code-injection-process-injection/dll-injection
Classic Shellcode Injection
- https://www.ired.team/offensive-security/code-injection-process-injection/process-injection
Dll Injection via SetWindowsHookEx
- https://github.com/DrNseven/SetWindowsHookEx-Injector
Reflective Dll Injection
- https://attack.mitre.org/techniques/T1055/001/
- https://github.com/stephenfewer/ReflectiveDLLInjection
- https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection
PE Injection
- https://attack.mitre.org/techniques/T1055/002/
- https://www.ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes
Section Mapping Injection
- https://www.ired.team/offensive-security/code-injection-process-injection/ntcreatesection-+-ntmapviewofsection-code-injection
APC Queue Injection
- https://attack.mitre.org/techniques/T1055/004/
- https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection
Thread Execution Hijacking
- https://attack.mitre.org/techniques/T1055/003/
- https://www.ired.team/offensive-security/code-injection-process-injection/injecting-to-remote-process-via-thread-hijacking
Atom Bombing Injection
- https://github.com/BreakingMalwareResearch/atom-bombing
Mocking jay Injection
- https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
ListPlanting Injection
- https://attack.mitre.org/techniques/T1055/015/
- https://cocomelonc.github.io/malware/2022/11/27/malware-tricks-24.html
Extra Window Memory Injection
- https://attack.mitre.org/techniques/T1055/011/
- https://github.com/BreakingMalware/PowerLoaderEx
ThreadlessInject
- https://github.com/CCob/ThreadlessInject
EPI
- https://github.com/Kudaes/EPI
DllNotification Injection
- https://github.com/ShorSec/DllNotificationInjection
D1rkInject
- https://github.com/TheD1rkMtr/D1rkInject
NtQueueAPCThreadEx Gadget Injection
- https://github.com/LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection
Dirty-Vanity
- https://github.com/deepinstinct/Dirty-Vanity
Function Stomping
- https://github.com/Idov31/FunctionStomping
Caro-Kann
- https://github.com/S3cur3Th1sSh1t/Caro-Kann
Stack Bombing
- https://github.com/maziland/StackBombing
Ghost Writing
- https://github.com/c0de90e7/GhostWriting
- https://blog.sevagas.com/IMG/pdf/code_injection_series_part5.pdf
Mapping Injection with Instrumentation Callback
- https://github.com/antonioCoco/Mapping-Injection
SetProcessInjection
- https://github.com/OtterHacker/SetProcessInjection
Pool Party Injection
- https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
- https://github.com/SafeBreach-Labs/PoolParty
Metadata
197
Stars
30
Forks
Watchers
Owner
itaymigdal
Metadata
Centralized resource for listing and organizing known injection techniques and POCs