Learn advanced memory injection techniques and their stealthy implementations in a conference talk that explores innovative approaches using Python ctypes for in-memory loading of DLLs, EXEs, and BOFs. Discover the advantages of ctypes implementation while diving into Module-Shifting, a novel enhancement to Module-Overloading injection. Explore memory injection fundamentals, purposes, and main categories including code injection, PE injection, and process manipulation techniques. Examine common memory injection components, payload constraints, and testing methodologies with memory scanners. Master the PythonMemoryModule implementation, understanding its benefits and limitations, before advancing to Module Overloading and Module Stomping concepts. Gain insights into Module Shifting's key features, including byte restoration and detection opportunities, while developing a comprehensive understanding of modern memory injection methodologies and their security implications.
Improving the Stealthiness of Memory Injection Techniques Using Python Ctypes
Overview
Syllabus
Intro
Agenda
Memory Injection Definition
Memory Injection - Purposes
Memory Injection - Main categories
Code injection - Common techniques
PE injection - Common techniques
Process Manipulation - Common technique
Memory Injection - Moving Parts
Setting the constraints - Injection
Setting the constraints - Payload
Testing with Memory scanners
Starting Point - Python Memory Module
PythonMemoryModule - Pros and cons
Next step - Module Overloading
Module Overloading - loCs
Next step - Module Stomping
Module Stomping locs
Module Shifting - Key Points
Module Shifting - Restore modified bytes
Detection Opportunities
Main Takeaways
Taught by
x33fcon
