Process injection in Windows reveals details that do not always show up in logs. Understanding Breaking BaDDEr helps security teams read hidden behaviors and improve detection logic before they turn into defensive gaps. Process injection is where small details matter. Breaking BaDDEr offers a practical look at Windows injection behavior and what defenders can learn from it to improve detection logic. modexp.wordpress.com/2019/08… #WindowsSecurity #ProcessInjection #ThreatDetection
Process injection techniques: DLL injection, process hollowing, reflective DLL loading, thread hijacking. Blue teamers: monitor for CreateRemoteThread, WriteProcessMemory, and VirtualAllocEx API calls. #ProcessInjection #Detection
I built a working DLL injector in C from scratch. Same technique used by Emotet, Cobalt Strike, and custom C2 implants to hijack trusted processes like explorer.exe and svchost.exe. Here's the full injection chain explained 👇 OpenProcess → VirtualAllocEx → WriteProcessMemory → GetProcAddress → CreateRemoteThread Understanding how to build the tool is how you learn to detect it. #DLLInjection #MalwareDev #WindowsInternals #RedTeam #ProcessInjection #OffensiveSecurity youtu.be/OlMkj1jMyDI
Walk-through of Jack Halon's "Utilizing Syscalls in C# — Part 2" post: building a direct-syscall NtCreateFile PoC in C# .NET 3.5, extracting the syscall stub from ntdll in WinDbg, mapping it as executable memory with VirtualProtect, invoking it through a P/Invoke delegate, and verifying via Process Monitor that the call goes straight to the kernel without touching ntdll's NtCreateFile prologue. core-jmp.org/2026/06/red-tea… #NET #C# #DefenseEvasion #DirectSyscalls #EDR #EDRBypass #EDREvasion #NativeAPI #NtCreateFile #PInvoke #ProcessInjection #RedTeaming #SharpSploit #Syscalls #SysWhispers #WinDBG
Thai-Based Malware Staging Server Uncovered

During our recent threat hunting operations, we identified an exposed open directory hosted on a Thai ISP infrastructure, serving on a non-standard port. What initially appeared as a misconfigured Lighttpd server quickly revealed a far more concerning picture upon deeper analysis.

🧩 Infrastructure Fingerprint
• Host: 183.89.248.17[:]60000
• Web Server: Lighttpd on Debian GNU/Linux
• ISP: Triple T Broadband (3BB), Nonthaburi, Thailand

⚠️ Malicious Artifacts Identified
Static analysis of the binary retrieved from the directory revealed the following indicators:
- ELF Binaries (Linux x86-64 — GCC Debian 10.2.1); "case-kkthai"
Two separate ELF executables with identical import tables but differing obfuscated string blocks — consistent with a build-time payload differentiation pattern:
• ptrace /proc/[PID]/as access → Process Memory Injection capability
• argv[0] manipulation with hardcoded failure string "E: neither argv[0] nor $_ works." → Process Cloaking attempt
• fork execvp waitpid chain → Daemonization & Persistence mechanism
• putenv getenv → Runtime environment manipulation

#CTI #ThreatIntelligence #ThreatHunting #MalwareAnalysis #OpenDirectory #InfoSec #CyberSecurity #ProcessInjection #ELF #Thailand #opendir
Process Herpaderping (MITRE T1055) 🧠🔥

🔥 Telegram: t.me/hackinarticles
✴ Twitter: x.com/hackinarticles

Process Herpaderping is an advanced defense evasion technique where attackers modify a file after it is mapped into memory but before execution, confusing security tools and bypassing detection mechanisms.

📚 Techniques Covered in This Guide
⚙️ Background of Process Injection (MITRE T1055)
🧠 Understanding Process Herpaderping
🔎 How AV/EDR Detection Works
⚡ Bypassing Security using Memory Manipulation
💻 Step-by-Step Demonstration
📂 Payload Execution under Legit Process
🐚 Reverse Shell via Hidden Execution
📡 Detection Techniques (Sysmon, Behavioral Analysis)
🛡 Mitigation Strategies & Defense

👉 This technique falls under Defense Evasion & Privilege Escalation, allowing attackers to execute malicious code under trusted processes.

📖 Article: hackingarticles.in/process-h…

#CyberSecurity #EthicalHacking #Pentesting #RedTeam #MITRE #ProcessInjection #InfoSec
The Watchdog: A Dual-Process Supervision Model. Short technical breakdown of The Watchdog on our blog: exploitpack.com/blogs/news/t… #RedTeam #PostExploitation #C2 #Persistence #ProcessInjection #CyberSecurity #ThreatHunting #MalwareDev #InfoSec #EDR #AVEvasion
The final class of Module 6 is live! 🚨 Process Injection—still used in real attacks, and now fully explained step by step. Watch the last class now on YouTube @hackdef_official. #HackDef #ProcessInjection #DFIR #BlueTeam #infosec
Centralized resource for listing and organizing known injection techniques and POCs: //#ProcessInjection
My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking
Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we introduce a new injection method, that is based on this classic technique, but much stealthier - Waiting Thread Hijacking. Read More : research.checkpoint.com/2025…
What you can’t see can still hurt you 🫣 Our new blue teaming Module breaks down how attackers inject malicious code into legitimate processes and how to detect it before damage is done. Get started on #HTBAcademy and Academy for Business: okt.to/FIdmR2 #HackTheBox #HTB #Cybersecurity #InformationSecurity #DFIR #ProcessInjection
Cyble analyzes a malicious campaign targeting the manufacturing industry, using process injections to deliver Lumma Stealer and Amadey bot. cyble.com/blog/threat-actor-… #manufacturing #ProcessInjection #LummaStealer #AmadeyBot #CRIL
🔍 Process Injection: Traditional defenses might miss it, but Warden doesn’t. By virtualizing the environment, Warden blocks unauthorized code from executing, stopping attackers from injecting harmful processes that could compromise system integrity. #ProcessInjection #SecOps
31 May 2024
Tonight on the Off By One Security show they will be talking about #ProcessInjection techniques, and specifically #ProcessHollowing and #Shellcode. The guest for this episode is @jstrosch. If you didn't get a chance to watch it, or were waiting for subtitles, you can also watch it later from these links. #RedTeam #live
Join me today on the Off By One Security stream with guest @jstrosch at 12:30PM PT. Josh will take us through Process Injection Techniques! (Note: This stream is at 12:30PM PT, as opposed to the usual time of 11AM PT.) youtube.com/watch?v=Tox5Kb8V…
🚀 Take your cybersecurity skills to the next level with our Advanced Process Injection Techniques course. 👉🏻Enroll now for just $49: cyberwarfare.live/product/pr… #CyberSecurity #ProcessInjection #EnrollNow