(4-7.12.2017)
• Advanced Code Injections Overview
• GhostWriting
• AtomBombing
• PowerLoader + PowerLoaderEx
• PROPagate
• …
• Reflective Loading
• Process Hollowing
• Injection method from over 10 years ago
• Has never received much attention
(…)
• Brief history of evasion techniques
• AV scanners
• Transacted NTFS (TxF)
• Evolution of Windows process loader