CypherCon 2024

A Symphony of Threads: Remote Process Injection Made Modular

Gary Lobermier

Abstract:

Remote process injection used to be the first thing you did with a new beacon: never do anything inside your beacon process; always process inject out and perform tasks from somewhere else. Now we do the opposite: never shell out, never inject, and instead keep everything exclusively in memory.

The difference is modern security stacks. Process injection is uncertain and risky. As a result, you rarely see remote process injection options in your C2 servers. My goal is to build a remote process injection toolkit that I can use within any C2 server, and to build it out with as many remote process injection techniques as possible.

Importance: Red team engagements rely heavily on tooling for operational efficiencies, but more and more we’re forced to custom-write every task we perform in order to succeed. The toolkit should help red teams by providing a multitude of traditional and novel process injection techniques for engagements. Purple teams should also be able to benefit by testing and witnessing which injection techniques are detected by their security tooling.

Gary Lobermier

When I’m not at CypherCon, I’m working remotely from my Class B Van.

Gary Lobermier is a cybersecurity maverick and Red Teamer at TransUnion. With over a decade of experience in the cybersecurity field, he specializes in hacking and defending networks against cyber threats.

Gary is known for his innovative approach to cybersecurity challenges. He has led numerous successful Red Team engagements and has a proven track record of identifying vulnerabilities and implementing effective security measures.

Outside of his professional endeavors, Gary is passionate about music and enjoys playing his guitar(s). He is also a dedicated cat dad and spends his free time tinkering with 3D printers to create innovative projects. When he’s not at CypherCon, you’ll likely find Gary working remotely from his Class B Van, exploring new locations while staying connected to the cybersecurity community.

Gary has been a featured speaker at various cybersecurity and IT conferences, including CypherCon, where he shares his insights and experiences in the field. He is committed to advancing cybersecurity practices and empowering others to stay ahead of evolving cyber threats.