Windows Process Injection for Red-Blue Teams

In this course, we will understand the basics of Windows processes, virtual memory and different techniques to enumerate processes. Then we will look at the fundamentals of process injection and try out techniques like remote Thread Injection, APC, Thread Hijacking and Process Hollowing.

This course is very practical with code examples to illustrate each technique!

Pavel Yosifovich

Pavel Yosifovich is a developer, trainer, author and speaker. He has authored multiple celebrated books on Windows internals, system and kernel programming. Several open source tools authored by him are available on Github and you can visit his personal website for the latest he is working on.



Books Authored by Pavel


Windows Internals Part 1: 7th Edition    

The definitive guide–fully updated for Windows 10 and Windows Server 2016 Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016. Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support.



Windows Kernel Programming    

There is nothing like the power of the kernel in Windows - but how do you write kernel drivers to take advantage of that power? This book will show you how. The book describes software kernel drivers programming for Windows. These drivers don't deal with hardware, but rather with the system itself: processes, threads, modules, registry and more. Kernel code can be used for monitoring important events, preventing some from occurring if needed. Various filters can be written that can intercept calls that a driver may be interested in.


Windows 10 System Programming, Part 1    

Delve into programming the Windows operating system through the Windows API in with C++. Use the power of the Windows API to working with processes, threads, jobs, memory, I/O and more. The book covers current Windows 10 versions, allowing you to get the most of what Windows has to offer to developers in terms of productivity, performance and scalability.