Running Shellcode Through Windows Callbacks
When I first saw the technique behind shellcode execution through Microsoft Windows callbacks, I thought it was pure magic. But then, digging a little into it, I figured out that it was just brilliant! Nowadays this technique is used quite a lot in underground communities to inject shellcode into running processes, so I decided to write a blog post to make clear to cybersecurity analysts how to deal with it. The takeaway of the day is: don’t trust your callback function anymore!