
Francesco.cc

Inline Hooking: A Technique for Modifying Function Behavior

Inline hooking is a technique for modifying the behavior of a function in an application or operating system. The first bytes of the target function are overwritten with a jump to hook code (a detour); the displaced bytes are preserved in a trampoline so the detour can run its own logic before or after calling the original function, and execution then returns to the caller as if the function had run unmodified. Inline hooking is widely used in security products such as anti-virus and EDR agents, which need to monitor or alter the behavior of system-level functions; the same mechanism is used by user-mode rootkits to hide from those products.
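The patch step described above, as an added example that is not the post's code: it builds the 5-byte `jmp rel32` to the detour, saves the displaced prologue for the trampoline, and encodes the trampoline's jump back into the target. It works on a byte buffer standing in for the target's code pages, and the addresses, the prologue bytes and the prologue length are constructed for the demonstration; on a live process the same bytes are written to the real address after making the page writable (VirtualProtect on Windows, mprotect on Linux).

```c
/*
 * Inline hook patch construction (added example, not the post's code).
 * Models the x86/x86-64 inline hook on a byte buffer standing in for the
 * target function's code pages: the first whole instructions (>= 5 bytes)
 * are replaced with `jmp rel32` to the detour, and the displaced bytes are
 * kept so a trampoline can execute them and jump back into the function.
 * Addresses and prologue bytes below are constructed for the demo.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_LEN 5        /* E9 + 4-byte signed displacement */
#define MAX_PROLOGUE 16

typedef struct {
    uint8_t displaced[MAX_PROLOGUE]; /* original prologue bytes now overwritten */
    size_t  displaced_len;
    uint8_t jmp_back[JMP_LEN];       /* trampoline tail: jmp target+displaced_len */
} trampoline_t;

/* Encode a `jmp rel32` located at `from` that lands on `to`. The displacement
 * is relative to the end of the 5-byte instruction and must fit in int32
 * (+-2 GiB); returns 0 when it does not, the usual failure on x64 when the
 * detour lives in a module mapped far away from the target. */
int encode_jmp_rel32(uint64_t from, uint64_t to, uint8_t out[JMP_LEN]) {
    int64_t rel = (int64_t)to - (int64_t)(from + JMP_LEN);
    if (rel > INT32_MAX || rel < INT32_MIN)
        return 0;
    uint32_t u = (uint32_t)(int32_t)rel;
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)            /* little-endian rel32 */
        out[1 + i] = (uint8_t)(u >> (8 * i));
    return 1;
}

/* Patch `code` (the target's bytes, mapped at `target_va`) so that entering
 * the function jumps to `detour_va`. `prologue_len` must cover whole
 * instructions totalling at least 5 bytes; real hooking engines find it with
 * a length disassembler, here the caller supplies it. Bytes between the jmp
 * and the end of the prologue are padded with NOP (0x90). The trampoline is
 * assumed to be placed at `trampoline_va` and is described by `tr`. */
int install_inline_hook(uint8_t *code, size_t code_len, uint64_t target_va,
                        size_t prologue_len, uint64_t detour_va,
                        uint64_t trampoline_va, trampoline_t *tr) {
    uint8_t patch[MAX_PROLOGUE];

    if (prologue_len < JMP_LEN || prologue_len > MAX_PROLOGUE ||
        prologue_len > code_len)
        return 0;

    /* 1. save what is about to be overwritten; the trampoline runs these bytes */
    memcpy(tr->displaced, code, prologue_len);
    tr->displaced_len = prologue_len;

    /* 2. trampoline tail: from just after the displaced bytes back to the
     *    first untouched instruction of the target */
    if (!encode_jmp_rel32(trampoline_va + prologue_len,
                          target_va + prologue_len, tr->jmp_back))
        return 0;

    /* 3. build the patch in scratch space, then copy it over. memcpy is not
     *    atomic: on a live process suspend other threads or use an 8-byte
     *    interlocked write, or a thread entering mid-patch runs a torn prologue */
    if (!encode_jmp_rel32(target_va, detour_va, patch))
        return 0;
    memset(patch + JMP_LEN, 0x90, prologue_len - JMP_LEN);
    memcpy(code, patch, prologue_len);
    return 1;
}

/* Unhook: put the displaced prologue back. */
int remove_inline_hook(uint8_t *code, const trampoline_t *tr) {
    if (tr->displaced_len < JMP_LEN)
        return 0;
    memcpy(code, tr->displaced, tr->displaced_len);
    return 1;
}

static void hexdump(const char *label, const uint8_t *p, size_t n) {
    printf("%-10s", label);
    for (size_t i = 0; i < n; i++) printf("%02X ", p[i]);
    printf("\n");
}

int main(void) {
    /* constructed x64 prologue: push rbx / sub rsp,20h / mov rbx,rcx */
    uint8_t code[] = {0x40, 0x53, 0x48, 0x83, 0xEC, 0x20, 0x48, 0x8B, 0xD9};
    trampoline_t tr;
    uint64_t target = 0x7FF612341000ULL, detour = 0x7FF612345000ULL,
             tramp  = 0x7FF612350000ULL;

    hexdump("before:", code, sizeof code);
    /* first two instructions are 6 bytes, enough to hold the 5-byte jmp */
    if (install_inline_hook(code, sizeof code, target, 6, detour, tramp, &tr)) {
        hexdump("after:", code, sizeof code);
        hexdump("saved:", tr.displaced, tr.displaced_len);
        hexdump("jmp back:", tr.jmp_back, JMP_LEN);
        remove_inline_hook(code, &tr);
        hexdump("restored:", code, sizeof code);
    }
    return 0;
}
```

The prologue length is the part that bites in practice: the 6 bytes above happen to end on an instruction boundary, but cutting an instruction in half leaves the trampoline executing garbage, which is why production hooking engines carry a length disassembler and also relocate any RIP-relative instruction they move.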

Introducing SSDT and IAT hooking: The basics

Windows programs reach the kernel through system calls and reach other modules through imported functions. System Service Dispatch Table (SSDT) hooking and Import Address Table (IAT) hooking are two techniques for intercepting and modifying those two call paths, respectively.

SSDT Hooking

The SSDT is the kernel table that maps each system service number to the address of its handler (the Nt* routines in the kernel). Hooking it means replacing an entry with the address of your own routine, which can log, filter or alter the call before forwarding it to the original handler. This is useful for debugging, monitoring and manipulating the behavior of the operating system and applications. Note that on 64-bit Windows, Kernel Patch Protection (PatchGuard) treats SSDT modification as a kernel integrity violation and bugchecks the system, so the technique is only practical on 32-bit Windows or on machines where PatchGuard is disabled, for example for kernel debugging.
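Both techniques are the same pointer swap on a table: SSDT hooking does it in the kernel's service table, IAT hooking in a module's import table. The following is an added example, not the post's code, that performs the IAT variant on a hand-built table standing in for one module's IAT. The table, the fake imports `WriteLog` and `Beep`, and the call policy are constructed for the demonstration; on a real PE the slot is located by walking the IMAGE_IMPORT_DESCRIPTOR entries from the import data directory and must be made writable before it is overwritten.

```c
/*
 * IAT hooking on a hand-built import table (added example, not the post's code).
 * `g_iat` stands in for one module's IAT so the mechanics, and one limitation,
 * can be exercised without a Windows loader. The import names, the stand-in
 * functions and the "no secrets" policy are constructed for the demo.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*import_fn)(const char *);

typedef struct {
    const char *name; /* imported symbol (IMAGE_IMPORT_BY_NAME in the PE) */
    import_fn   fn;   /* address the loader resolved into this IAT slot */
} iat_entry_t;

/* Stand-ins for imported APIs: "write" a log line and return its length. */
static int real_write_log(const char *msg) { return (int)strlen(msg); }
static int real_beep(const char *msg)      { (void)msg; return 0; }

/* The hooked module's IAT (constructed). Compiled code calls imports
 * indirectly through these slots, i.e. call [IAT+slot]. */
static iat_entry_t g_iat[] = {
    {"WriteLog", real_write_log},
    {"Beep",     real_beep},
};
#define IAT_COUNT (sizeof g_iat / sizeof g_iat[0])

static import_fn g_orig_write_log; /* saved original so the detour can forward */
static int g_hook_calls;

/* Detour with the same signature as the import: observe the argument,
 * optionally block the call, otherwise forward to the real function. */
static int hooked_write_log(const char *msg) {
    g_hook_calls++;
    if (strstr(msg, "secret") != NULL)
        return -1;            /* policy: refuse to log secrets */
    return g_orig_write_log(msg);
}

/* Replace the slot for `name` with `detour`; returns the previous pointer or
 * NULL if the symbol is not imported. On a real PE the slot lives in a
 * read-only section and must be made writable (VirtualProtect) first. */
import_fn iat_hook(iat_entry_t *iat, size_t n, const char *name, import_fn detour) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(iat[i].name, name) == 0) {
            import_fn prev = iat[i].fn;
            iat[i].fn = detour;
            return prev;
        }
    }
    return NULL;
}

int install_write_log_hook(void) {
    if (g_orig_write_log != NULL)
        return 1;             /* already installed; never hook the hook */
    import_fn prev = iat_hook(g_iat, IAT_COUNT, "WriteLog", hooked_write_log);
    if (prev == NULL)
        return 0;
    g_orig_write_log = prev;
    return 1;
}

int uninstall_write_log_hook(void) {
    if (g_orig_write_log == NULL)
        return 0;
    iat_hook(g_iat, IAT_COUNT, "WriteLog", g_orig_write_log);
    g_orig_write_log = NULL;
    return 1;
}

/* What the hooked module does: call through its IAT, never directly. */
int call_import(const char *name, const char *arg) {
    for (size_t i = 0; i < IAT_COUNT; i++)
        if (strcmp(g_iat[i].name, name) == 0)
            return g_iat[i].fn(arg);
    return -2;                /* not imported */
}

int main(void) {
    install_write_log_hook();
    printf("via IAT, benign: %d\n", call_import("WriteLog", "hello"));     /* forwarded */
    printf("via IAT, secret: %d\n", call_import("WriteLog", "my secret")); /* blocked */
    /* Limitation: a direct call, or GetProcAddress followed by a call,
     * never touches the IAT and so is invisible to this hook. */
    printf("direct call:     %d\n", real_write_log("my secret"));
    printf("hook saw %d calls\n", g_hook_calls);
    uninstall_write_log_hook();
    return 0;
}
```

The direct call at the end is the check a practitioner should keep in mind: IAT hooks only see calls routed through the patched table, so code that resolves the function itself, or a second module with its own IAT, is not covered. An inline hook on the function body catches every caller, which is why the two techniques are usually discussed together.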

The WannaCry Ransomware Attack - Understanding its Impact and Lessons Learned

On May 12th, 2017, the world was shaken by a massive ransomware attack known as WannaCry. The attack infected over 200,000 computers in 150 countries, causing widespread disruption and financial losses. In this blog post, we'll explore the WannaCry attack, its aftermath, and the lessons we can learn from this incident to improve our cybersecurity practices.

How WannaCry Spread Across the Globe

WannaCry spread rapidly, and without any user interaction, by exploiting a vulnerability in the SMBv1 implementation of Microsoft Windows using the EternalBlue exploit. Microsoft had fixed the flaw in security bulletin MS17-010 in March 2017, two months before the outbreak, so the machines hit were those still unpatched and reachable over SMB.

Code Injection Techniques in Windows OS: A Step-by-Step Guide

The purpose of this document is to describe one of the most basic code injection techniques, using the APIs the Windows operating system provides for interacting with other processes. Code injection is used when an attacker needs to make a payload harder to detect on a compromised system: the payload runs inside another, legitimate process, so a defender looking only at a suspicious standalone process will not find it. A more sophisticated use of the same idea is the migrate feature of Meterpreter (built on reflective DLL loading, ReflectiveLoader), which moves the running agent entirely into a process chosen by the attacker.