NorthSec 2022

Advanced Process Injection Techniques
2022-05-20, 14:00–16:30, Virtual

Adversaries use process injection techniques to evade defenses and circumvent security controls in enterprise environments, gaining privileged access and low-level persistence.


"Advanced Process Injection Techniques" is a hands-on workshop that gives participants insight into the APT tactics and techniques used in the privilege escalation and persistence phases of an intrusion. The workshop is a quick deep dive into Microsoft Windows processes, memory and internals. Across seven hands-on labs focused on host-level injection techniques, participants learn to develop custom tradecraft that stealthily plants implants and escalates privileges.

The workshop outline is as follows:

1) PE Basics (10 minutes)
2) 7 Process Injection Labs (2 hr 25 min, the sum of the lab durations below)
- APC Code Injection (25 min)
- Module Stomping (25 min)
- Process Hollowing (15 min)
- Process Doppelganging (30 min)
- Transacted Hollowing (20 min)
- Process Herpaderping (20 min)
- Process Ghosting (10 min)

The lab content and material are available at: https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop

For any feedback or clarifications, please contact yashb@cyberwarfare.live


Language of the workshop

English

Logistics Note

This is a remote workshop.

Eventbrite link

https://www.eventbrite.ca/e/northsec-2022-tickets-197831107167

Yash Bharadwaj is CTO and Senior Security Researcher at CyberWarFare Labs (incubated by IIT Kanpur). With 4+ years of Red Teaming experience, he is highly attentive to finding, learning and discovering new TTPs used during offensive engagements, and he is a Subject Matter Expert on Active Directory attacks. His areas of interest include (but are not limited to) evading AVs and EDRs, Active Directory infrastructure, and advanced Windows and cloud-based attacks. He has performed on-site and remote Red Team engagements for MNCs, government agencies and others. Previously he has delivered hands-on red team trainings at BSides Ahmedabad, OWASP Seasides 19, Red & Blue Team training at BSides Delhi and BSides Connecticut (USA), OWASP AppSec Indonesia 20, and CISO Platform 21. He has also delivered cyber security trainings at Nullcon 21, Asia's largest information security conference. You can reach him on Twitter at @flopyash.