Advanced Process Injection Techniques • NorthSec 2024

Retour à la liste des conférenciers et sessions
Écoutez la diffusion

Adversaries are performing process Injection techniques to evade defenses / circumvent security controls in an enterprise environment enabling them privileged access / low-level persistence.

"Advanced Process Injection Techniques" is a hands-on workshop focused on providing candidates insights about the APT tactics & techniques on the privilege escalation & persistence phase. This workshop is a quick deep-dive into the Microsoft windows world of process, memory and internals. There are 7 hands-on labs focused on host-level injection techniques, the candidates will learn how to develop custom trade-craft that stealthily input implants and escalate privileges.

The workshop outline are as follows :

1) PE Basics (10 minutes) 2) 7 Process Injection Labs (2 hr : 50 minutes) - APC Code Injection (25 min) - Module Stomping (25 min) - Process Hollowing (15 min) - Process Doppelganging (30 min) - Transacted Hollowing (20 min) - Process Herpaderping (20 min) - Process Ghosting (10 min)

The lab content / lab material are listed here : https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop

For any feedback / clarifications please contact yashb@cyberwarfare.live

Pre-requisites/assumed knowledge:

Intermediate to Advanced level knowledge is required.

1) Familiarity with windows internals (but not mandatory) 2) PE basics (but now mandatory)

Participants should prepare by:

The details are mentioned here : https://docs.google.com/document/d/1bNrSDWy-Yc3as2ZlvB_X3XOICUjbGUaKkw9PHDvxNAo/edit

Participants must have the following equipment:

The details are mentioned here : https://docs.google.com/document/d/1bNrSDWy-Yc3as2ZlvB_X3XOICUjbGUaKkw9PHDvxNAo/edit