Advanced Process Injection Techniques

Back to the list of Speakers and Sessions
Watch the stream
Adversaries are performing process Injection techniques to evade defenses / circumvent security controls in an enterprise environment enabling them privileged access / low-level persistence.

"Advanced Process Injection Techniques" is a hands-on workshop focused on providing candidates insights about the APT tactics & techniques on the privilege escalation & persistence phase. This workshop is a quick deep-dive into the Microsoft windows world of process, memory and internals. There are 7 hands-on labs focused on host-level injection techniques, the candidates will learn how to develop custom trade-craft that stealthily input implants and escalate privileges.

The workshop outline are as follows :

1) PE Basics (10 minutes) 2) 7 Process Injection Labs (2 hr : 50 minutes) - APC Code Injection (25 min) - Module Stomping (25 min) - Process Hollowing (15 min) - Process Doppelganging (30 min) - Transacted Hollowing (20 min) - Process Herpaderping (20 min) - Process Ghosting (10 min)

The lab content / lab material are listed here :

For any feedback / clarifications please contact

Pre-requisites/assumed knowledge:

Intermediate to Advanced level knowledge is required.

1) Familiarity with windows internals (but not mandatory) 2) PE basics (but now mandatory)

Participants should prepare by:

The details are mentioned here :

Participants must have the following equipment:

The details are mentioned here :