Adventures with KernelCallbackTable Injection
Lately, I came across KernelCallbackTable, which could be abused to inject shellcode into a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus. This post walks through the journey I took and the hurdles I encountered to make process injection via KernelCallbackTable work the way I wanted.