Code injection is a technique that is increasingly used by attackers to bypass application whitelisting. But most defenders have no idea how code injection really works. It’s challenging to investigate attackers using code injection if you don’t understand what they’re doing.
Most penetration testers and red team members don’t really understand code injection either, despite their near-constant use of it. Ever used the “migrate” feature of Metasploit? You’ve used code injection. Do you know how it works or why? You should – it will make you better at your job.
In this course, we’ll start by covering the basics of code injection, using the venerable “CreateRemoteThread”, and then move into advanced topics like AtomBombing and Gargoyle that evade most traditional forensics techniques.
Source and binary code will be provided for all examples, so whether you work in offense or defense, you’ll be able to immediately level up.