itaymigdal / awesome-injection

Centralized resource for listing and organizing known injection techniques and POCs

awesome-list process-injection

Centralized resource for listing and organizing known injection techniques and POCs

Introduction
Linux Injection
- Process Spawning
  - LD_PRELOAD
- Process Injection
  - PTRACE
  - Proc Memory
Windows Injection
- Process Spawning
- Process Injection

Introduction

I've been thinking about putting together a list of process injection techniques and ingenious POCs because I haven't found a decent one. This list focuses on process-spawning injection methods and actual process injection, excluding pre-execution techniques (e.g. AppCert and AppInit Dlls), and self-injection techniques.

PRs are welcome to help me maintain and extend this list!

Linux Injection

Process Spawning

LD_PRELOAD

https://attack.mitre.org/techniques/T1574/006/

Process Injection

PTRACE

Proc Memory

Windows Injection

Process Spawning

Process Hollowing

Transacted Hollowing

https://github.com/hasherezade/transacted_hollowing

Process Doppelganging

Process Herpaderping

https://github.com/jxy-s/herpaderping

Process Ghosting

https://github.com/hasherezade/process_ghosting

Early Bird

EntryPoint Patching

https://www.ired.team/offensive-security/code-injection-process-injection/addressofentrypoint-code-injection-without-virtualallocex-rwx

Ruy-Lopez

https://github.com/S3cur3Th1sSh1t/Ruy-Lopez

Process Injection

Classic Dll Injection

Classic Shellcode Injection

https://www.ired.team/offensive-security/code-injection-process-injection/process-injection

Dll Injection via SetWindowsHookEx

https://github.com/DrNseven/SetWindowsHookEx-Injector

Reflective Dll Injection

PE Injection

Section Mapping Injection

https://www.ired.team/offensive-security/code-injection-process-injection/ntcreatesection-+-ntmapviewofsection-code-injection

APC Queue Injection

Thread Execution Hijacking

Atom Bombing Injection

https://github.com/BreakingMalwareResearch/atom-bombing

Mocking jay Injection

https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution

ListPlanting Injection

Extra Window Memory Injection

ThreadlessInject

https://github.com/CCob/ThreadlessInject

EPI

https://github.com/Kudaes/EPI

DllNotification Injection

https://github.com/Dec0ne/DllNotificationInjection

D1rkInject

https://github.com/TheD1rkMtr/D1rkInject

NtQueueAPCThreadEx Gadget Injection

https://github.com/LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection

Dirty-Vanity

https://github.com/deepinstinct/Dirty-Vanity

Function Stomping

https://github.com/Idov31/FunctionStomping

Caro-Kann

https://github.com/S3cur3Th1sSh1t/Caro-Kann

Stack Bombing

https://github.com/maziland/StackBombing

Ghost Writing

Ghost Writing 2

https://github.com/fern89/ghostwriting-2

Mapping Injection with Instrumentation Callback

https://github.com/antonioCoco/Mapping-Injection

SetProcessInjection

https://github.com/OtterHacker/SetProcessInjection

Pool Party Injection

Thread Name Calling

About

Centralized resource for listing and organizing known injection techniques and POCs

awesome-list process-injection