{"id":31770,"date":"2024-01-22T04:36:53","date_gmt":"2024-01-22T04:36:53","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31770"},"modified":"2024-01-22T04:36:57","modified_gmt":"2024-01-22T04:36:57","slug":"dllnotificationinjection","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/","title":{"rendered":"DllNotificationInjection &#8211; Exploring A Novel Threadless Process Injection Technique"},"content":{"rendered":"\n<p>DllNotificationInjection is a POC of a new \u201cthreadless\u201d process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.<\/p>\n\n\n\n<p>An accompanying blog post with more details is available <a href=\"https:\/\/shorsec.io\/blog\/dll-notification-injection\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">here<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How It Works<\/strong><\/h2>\n\n\n\n<p>DllNotificationInjection works by creating a new\u00a0<strong>LDR_DLL_NOTIFICATION_ENTRY<\/strong>\u00a0in the remote process.
<\/p>\n\n\n\n<p>It manually inserts the entry into the remote\u00a0<strong>LdrpDllNotificationList<\/strong>\u00a0by patching the\u00a0<strong>List.Flink<\/strong>\u00a0of the list head and the\u00a0<strong>List.Blink<\/strong>\u00a0of the first entry (now second) of the list.<\/p>\n\n\n\n<p>Our new\u00a0<strong>LDR_DLL_NOTIFICATION_ENTRY<\/strong>\u00a0will point to a custom trampoline shellcode (built with\u00a0<a href=\"https:\/\/twitter.com\/C5pider\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">@C5pider<\/a>&#8217;s\u00a0<a href=\"https:\/\/github.com\/Cracked5pider\/ShellcodeTemplate\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ShellcodeTemplate<\/a>\u00a0project) that will restore our changes and execute a malicious shellcode in a new thread using\u00a0<strong>TpWorkCallback<\/strong>.<\/p>\n\n\n\n<p>After manually registering our new entry in the remote process, we just need to wait for the remote process to trigger our DLL Notification Callback by loading or unloading some DLL.<\/p>\n\n\n\n<p>This obviously doesn&#8217;t happen in every process regularly, so prior work finding suitable candidates for this injection technique is needed.<\/p>\n\n\n\n<p>From my brief searching, it seems that\u00a0<strong>RuntimeBroker.exe<\/strong>\u00a0and\u00a0<strong>explorer.exe<\/strong>\u00a0are suitable candidates for this, although I encourage you to find others as well.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Dec0ne\/DllNotificationInjection#opsec-notes\"><\/a><strong>OPSEC Notes<\/strong><\/h2>\n\n\n\n<p>This is a POC. In order for this to be OPSEC safe and evade AV\/EDR products, some modifications are needed. For example, I used\u00a0<strong>RWX<\/strong>\u00a0when allocating memory for the shellcodes &#8211; don&#8217;t be lazy (like me) and change those.
<\/p>\n\n\n\n<p>One might also want to replace\u00a0<strong>OpenProcess<\/strong>,\u00a0<strong>ReadProcessMemory<\/strong>\u00a0and\u00a0<strong>WriteProcessMemory<\/strong>\u00a0with some lower level APIs and use\u00a0<strong>Indirect Syscalls<\/strong>\u00a0or (shameless plug)\u00a0<strong>HWSyscalls<\/strong>.<\/p>\n\n\n\n<p>Maybe encrypt the shellcodes or even go the extra mile and modify the trampoline shellcode to suit your needs, or at least change the default hash values in\u00a0<a href=\"https:\/\/twitter.com\/C5pider\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">@C5pider<\/a>&#8217;s\u00a0<a href=\"https:\/\/github.com\/Cracked5pider\/ShellcodeTemplate\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ShellcodeTemplate<\/a>\u00a0project which was utilized to create the trampoline shellcode.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>DllNotificationInjection is a POC of a new \u201cthreadless\u201d process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes. An accompanying blog post with more details is available here. How It Works DllNotificationInjection works by creating a new\u00a0LDR_DLL_NOTIFICATION_ENTRY\u00a0in the remote process.
It manually inserts the entry into the remote\u00a0LdrpDllNotificationList\u00a0by [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":31775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjv_r38XfOMRi4FEYOA4cNceuk8QXqPDDmTDzxlE7F-4uzv7gWjqhqhh8UUS0eyP0MfdOeH2s0okAy3EtQgdfV4MZZTbyqk_UB6MRzNg2U59WRth-nJZe678Bdx4fLMhcQEAYug1028GhZGprcnA4SBrWkdH5OYjcsXxHYYE-6XfD69et1FHck6THzYElr_\/s16000\/Untitled%20design.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[737,6502,6321,6052,6325],"class_list":["post-31770","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-dllnotificationinjection","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DllNotificationInjection<\/title>\n<meta name=\"description\" content=\"DllNotificationInjection is a POC of a new \u201cthreadless\u201d process injection technique that works by utilizing the concept of DLL Notification\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DllNotificationInjection\" \/>\n<meta property=\"og:description\" content=\"DllNotificationInjection is a POC of a new \u201cthreadless\u201d process injection technique that works by utilizing the concept of DLL Notification\" \/>\n<meta property=\"og:url\"
content=\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-22T04:36:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-22T04:36:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjv_r38XfOMRi4FEYOA4cNceuk8QXqPDDmTDzxlE7F-4uzv7gWjqhqhh8UUS0eyP0MfdOeH2s0okAy3EtQgdfV4MZZTbyqk_UB6MRzNg2U59WRth-nJZe678Bdx4fLMhcQEAYug1028GhZGprcnA4SBrWkdH5OYjcsXxHYYE-6XfD69et1FHck6THzYElr_\/s16000\/Untitled%20design.webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjv_r38XfOMRi4FEYOA4cNceuk8QXqPDDmTDzxlE7F-4uzv7gWjqhqhh8UUS0eyP0MfdOeH2s0okAy3EtQgdfV4MZZTbyqk_UB6MRzNg2U59WRth-nJZe678Bdx4fLMhcQEAYug1028GhZGprcnA4SBrWkdH5OYjcsXxHYYE-6XfD69et1FHck6THzYElr_\/s16000\/Untitled%20design.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"DllNotificationInjection &#8211; Exploring A Novel Threadless Process Injection Technique\",\"datePublished\":\"2024-01-22T04:36:53+00:00\",\"dateModified\":\"2024-01-22T04:36:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/\"},\"wordCount\":315,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjv_r38XfOMRi4FEYOA4cNceuk8QXqPDDmTDzxlE7F-4uzv7gWjqhqhh8UUS0eyP0MfdOeH2s0okAy3EtQgdfV4MZZTbyqk_UB6MRzNg2U59WRth-nJZe678Bdx4fLMhcQEAYug1028GhZGprcnA4SBrWkdH5OYjcsXxHYYE-6XfD69et1FHck6THzYElr_\/s16000\/Untitled%20design.webp\",\"keywords\":[\"cybersecurity\",\"DllNotificationInjection\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\"],\"articleSection\":[\"Cyber 
security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/\",\"name\":\"DllNotificationInjection\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjv_r38XfOMRi4FEYOA4cNceuk8QXqPDDmTDzxlE7F-4uzv7gWjqhqhh8UUS0eyP0MfdOeH2s0okAy3EtQgdfV4MZZTbyqk_UB6MRzNg2U59WRth-nJZe678Bdx4fLMhcQEAYug1028GhZGprcnA4SBrWkdH5OYjcsXxHYYE-6XfD69et1FHck6THzYElr_\/s16000\/Untitled%20design.webp\",\"datePublished\":\"2024-01-22T04:36:53+00:00\",\"dateModified\":\"2024-01-22T04:36:57+00:00\",\"description\":\"DllNotificationInjection is a POC of a new \u201cthreadless\u201d process injection technique that works by utilizing the concept of DLL
Notification\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dllnotificationinjection\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjv_r38XfOMRi4FEYOA4cNceuk8QXqPDDmTDzxlE7F-4uzv7gWjqhqhh8UUS0eyP0MfdOeH2s0okAy3EtQgdfV4MZZTbyqk_UB6MRzNg2U59WRth-nJZe678Bdx4fLMhcQEAYug1028GhZGprcnA4SBrWkdH5OYjcsXxHYYE-6XfD69et1FHck6THzYElr_\/s16000\/Untitled%20design.webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjv_r38XfOMRi4FEYOA4cNceuk8QXqPDDmTDzxlE7F-4uzv7gWjqhqhh8UUS0eyP0MfdOeH2s0okAy3EtQgdfV4MZZTbyqk_UB6MRzNg2U59WRth-nJZe678Bdx4fLMhcQEAYug1028GhZGprcnA4SBrWkdH5OYjcsXxHYYE-6XfD69et1FHck6THzYElr_\/s16000\/Untitled%20design.webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux 
Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}