pycodeinjector: a simple python Code Injection library

 

In my previous post “Code injection on Windows using Python: a simple example”, I explored the ctypes Python library and the use of the Windows API to perform code injection on 32-bit systems.

All tests were performed using shellcode generated by Metasploit or found in some online repository, so I asked myself:

“Is it possible to generate the shellcode directly into my python script?”


Code injection on Windows using Python: a simple example

Recently I had to perform some comparative tests on a couple of whitelisting solutions.

One of the crucial steps of the test was checking the proper functioning of the memory monitoring feature, useful in case of process injection: in fact, once a trusted process has been started, an attacker may use it as a vector to inject malicious code.

In order to perform this check, I decided to write a small PoC for 32-bit systems dedicated to this test.


What is Reflective DLL Injection and how can be detected?

DLLs (dynamic-link libraries) are Microsoft’s implementation of the shared library concept and provide a mechanism for shared code and data, allowing a developer of shared code/data to upgrade functionality without requiring applications to be re-linked or re-compiled.
