Centralized resource for listing and organizing known injection techniques and POCs
- Introduction
- Linux Injection
- Windows Injection
  - Process Spawning
  - Process Injection
    - Classic Dll Injection
    - Classic Shellcode Injection
    - Dll Injection via SetWindowsHookEx
    - Reflective Dll Injection
    - PE Injection
    - Section Mapping Injection
    - APC Queue Injection
    - Thread Execution Hijacking
    - Atom Bombing Injection
    - Mockingjay Injection
    - ListPlanting Injection
    - Extra Window Memory Injection
    - ThreadlessInject
    - EPI
    - DllNotification Injection
    - D1rkInject
    - NtQueueAPCThreadEx Gadget Injection
    - Dirty-Vanity
    - Function Stomping
    - Caro-Kann
    - Stack Bombing
    - Ghost Writing
    - Ghost Writing 2
    - Mapping Injection with Instrumentation Callback
    - SetProcessInjection
    - Pool Party Injection
    - Thread Name Calling
I've been thinking about putting together a list of process injection techniques and ingenious POCs because I haven't found a decent one. This list focuses on process-spawning injection methods and actual (cross-process) injection into a running process; it excludes pre-execution techniques (e.g. AppCert and AppInit DLLs) and self-injection techniques.
PRs are welcome to help me maintain and extend this list!
- https://attack.mitre.org/techniques/T1055/009/
- https://github.com/DavidBuchanan314/dlinject
- https://github.com/AonCyberLabs/Cexigua
- https://www.cyberbit.com/endpoint-security/new-early-bird-code-injection-technique-discovered/
- https://www.ired.team/offensive-security/code-injection-process-injection/early-bird-apc-queue-code-injection
- https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection/
- https://github.com/Cracked5pider/earlycascade-injection
- https://attack.mitre.org/techniques/T1055/001/
- https://www.ired.team/offensive-security/code-injection-process-injection/dll-injection
- https://attack.mitre.org/techniques/T1055/001/
- https://github.com/stephenfewer/ReflectiveDLLInjection
- https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection
- https://attack.mitre.org/techniques/T1055/002/
- https://www.ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes
- https://attack.mitre.org/techniques/T1055/004/
- https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection
- https://attack.mitre.org/techniques/T1055/003/
- https://www.ired.team/offensive-security/code-injection-process-injection/injecting-to-remote-process-via-thread-hijacking
- https://attack.mitre.org/techniques/T1055/015/
- https://cocomelonc.github.io/malware/2022/11/27/malware-tricks-24.html
- https://github.com/c0de90e7/GhostWriting
- https://blog.sevagas.com/IMG/pdf/code_injection_series_part5.pdf