Process Injection via KernelCallBackTable
Process injection via the KernelCallBackTable involves replacing original callback function by custom payload so that whenever the function is invoked, payload will be triggered. In this case the fnCOPYDATA callback function has been used.
C# Code Snippet:
https://gist.github.com/sbasu7241/5dd8c278762c6305b4b2009d44d60c13
#edr #evasion #dll #injection #kernelcallbacktable
Process injection via the KernelCallBackTable involves replacing original callback function by custom payload so that whenever the function is invoked, payload will be triggered. In this case the fnCOPYDATA callback function has been used.
C# Code Snippet:
https://gist.github.com/sbasu7241/5dd8c278762c6305b4b2009d44d60c13
#edr #evasion #dll #injection #kernelcallbacktable
👍2