https://github.com/trustedsec/inproc_evade_get-injectedthread
PoC code from blog
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/trustedsec/inproc_evade_get-injectedthread
- Owner: trustedsec
- Created: 2020-03-09T13:51:23.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-03-10T16:10:41.000Z (over 6 years ago)
- Last Synced: 2025-03-28T03:41:23.607Z (over 1 year ago)
- Language: C
- Homepage: https://www.trustedsec.com/blog/avoiding-get-injectedthread-for-internal-thread-creation/
- Size: 23.4 KB
- Stars: 16
- Watchers: 2
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# inProc_Evade_Get-InjectedThread
This PoC was built using Visual Studio 2019.
It demonstrates in-process thread creation for memory-injected code that does not trigger a detection by Get-InjectedThread.
## Build instructions
1. `git clone --recursive https://github.com/trustedsec/inProc_Evade_Get-InjectedThread.git`
2. Open the .sln file using Visual Studio 2019.
3. Build the solution.
## Running
1. Acquire a copy of Get-InjectedThread (https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2).
2. Start PowerShell and import Get-InjectedThread.ps1.
3. Run the built solution exe with either the argument "caught" or "evade".
4. Run Get-InjectedThread in PowerShell and observe the result.