Skip to content
This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
/ APC-PPID Public archive

Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.

Notifications You must be signed in to change notification settings

hlldz/APC-PPID

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 

Repository files navigation

APC-PPID

Nowadays, the most commonly used type of code injection is Reflective ones. This is due to high levels of stealth and Meterpreter, Beacon etc. projects support this type of injection. There is a rule: if something is popular, the defenders focus on it. I've seen so little that this rule has changed. Many studies have been done to capture the techniques of Reflective injections. I also do not prefer to use the popular things in red team operations at the first stage to avoid attracting attention.

This code adds a user-mode asynchronous procedure call (APC) object to the APC queue of the thread of the created process and spoof the Parent Process. So, you can do APC Injection with the code I shared and spoof the Parent Process as explorer.exe. The execution flow of the project is given below.

Acknowledgements and References

About

Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages