ProcessInjection

By Chirag Savla on 06 Aug 2025 @ Blackhat : Arsenal
pentesting red-teaming reverse-engineering exploitation
Focus Areas: Malware Analysis, Penetration Testing, Reverse Engineering
This tool demo covers the following tools, which the speaker has authored or contributed to:
PROCESSINJECTION

Abstract

ProcessInjection is a robust, open-source framework crafted in C# to explore a wide array of process injection techniques, tailored for red teaming, purple teaming, and endpoint security validation. The current version delivers a solid foundation with classic methods such as DLL Injection, traditional shellcode injection, process hollowing, and APC Queue injection, all implemented using C#’s powerful P/Invoke and D/Invoke capabilities for seamless interaction with Windows APIs. It also integrates three evasion techniques (Parent Process ID Spoofing, XOR encryption, and AES encryption) to enhance stealth and flexibility.

Set for a major update at Black Hat USA 2025, ProcessInjection will unveil an advanced suite of techniques, including Process Ghosting, Kernel Callback Table Injection, PE Injection, and Thread Execution Hijacking, alongside direct and indirect syscall implementations, and more. This all-encompassing toolkit empowers security professionals to emulate sophisticated adversary behaviors, enabling rigorous testing and fortification of endpoint defenses against modern, evolving threats.