<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>HBCIA on fahersto&#39;s blog</title>
    <link>https://blog.lentic.de/tags/hbcia/</link>
    <description>Recent content in HBCIA on fahersto&#39;s blog</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language>
    <copyright>&lt;a href=&#34;https://creativecommons.org/licenses/by-nc/4.0/&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;CC BY-NC 4.0&lt;/a&gt;</copyright>
    <lastBuildDate>Sun, 03 Dec 2023 00:00:00 +0000</lastBuildDate>
    <atom:link href="https://blog.lentic.de/tags/hbcia/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Process Doppelgänging - code injection technique</title>
      <link>https://blog.lentic.de/posts/process_doppelganging/</link>
      <pubDate>Sun, 03 Dec 2023 00:00:00 +0000</pubDate>
      <guid>https://blog.lentic.de/posts/process_doppelganging/</guid>
      <description>What is Process Doppelgänging? Process Doppelgänging is a code injection technique that allows arbitrary code to be loaded and executed in the context of a benign process without calling the Windows API functions commonly invoked to achieve code injection. The technique was published by Tal Liberman and Eugene Kogan at Black Hat Europe 2017. The concept is to abuse NTFS transactions to create a process from a malicious section that is seemingly backed by a benign file.</description>
    </item>
    <item>
      <title>GhostWriting - advanced code injection technique</title>
      <link>https://blog.lentic.de/posts/ghostwriting/</link>
      <pubDate>Sat, 19 Mar 2022 00:00:00 +0000</pubDate>
      <guid>https://blog.lentic.de/posts/ghostwriting/</guid>
      <description>I recently had the chance to study several code injection techniques in depth, specifically Host-Based Code Injection Attacks (HBCIAs). This term was introduced to distinguish code injection attacks that target the local system from ones that target remote systems, such as SQL injection. I have implemented 22 HBCIA techniques over the last couple of months and the GhostWriting technique stood out to me in particular.&#xA;What is GhostWriting? GhostWriting is an advanced code injection technique that combines thread hijacking, a write-gadget to write to an arbitrary memory location and an endless loop to stall execution.</description>
    </item>
  </channel>
</rss>
