Introduction This year has been a though one. And though times teach great things. I am somewhat scared of death, well not that much, but I am starting to respect it, and that’s why I am going to write my thoughts here. “Memento Mori” would a stoic say. I always have been a very reserved guy, with all that opsec things in mind, but now the idea of leaving something about me, here on the internet, fascinates me.

Introduction Inline hooking is a technique used to modify the behavior of functions in an application or operating system. It involves inserting code into the body of a function, and redirecting the flow of execution to the inserted code before or after the original function is executed. Inline hooking is often used in security-related applications, such as anti-virus software or intrusion detection systems, where it is necessary to monitor or alter the behavior of system-level functions.

Introduction The purpose of this document is to describe one of the most basic code injection techniques by using some of the APIs provided by the Windows operating system for process interaction. Code injection can be used in case it is necessary to make the detection of a payload more difficult within a compromised system, because it should not be sought inside a single process. It is possible to find an example of a more sophisticated use of the above technique into the “migrate” (ReflectiveLoader) feature of meterpreter, which completely moves the execution of the agent into a process chosen by the attacker.