3xpl01tc0d3r

Hello All, After publishing the post about Dumping Process Memory with Custom C# Code my friend Himanshu suggested me to write a tool & a blog post about Process Injection for learning and he referenced his post about Code Injection which covers the concept about the vanilla process injection technique. It was quite interesting to learn and understand the core concepts about Process Injection techniques and as a learning path to code in c# leveraging Windows API I started writing the tool for Process Injection. What is Process Injection ? Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process. Why Process Injection ?

Hi Guys, It been really long time since I have wrote any blogs. Busy doing  Red Team Challenge labs and learning on AV/EDR bypasses using known techniques. I will definitely blog about those in near future. Let's not waste time and jump to the actual topic. Background: I was on an engagement where I was tasked to exfiltrate data from the server which was behind Citrix. Client had provided me with low privilege user and I had limited internet access from that server. Note:- All images and information are not related to client it's from my labs or some image from google. What is Citrix? According to  Citrix   : In a Citrix application delivery setup, applications and resources are hosted on central servers. XenApp isolates these applications from the underlying OS and other applications, and streams them into an isolated environment on the target device where they are executed It basically a reverse RDP where all the activities execute into one central system