In which we weaponize the approach we explored in Pt. 1, and introduce a new tool!
0:00 Intro
0:41 HijackLibs
1:57 MpClient.dll
2:51 MpCmdRun ProcMon
5:05 DLLMain attempt
7:48 Cutter Analysis
8:54 Whoops!
9:15 PEStudio
10:06 Regex Powerrrrr
12:25 Shameless Plug
12:50 Spoof all the functions?
14:33 Process Injection Intro
15:12 Longzhi APT
15:37 Introducing Bolus
16:18 Process Injection in Rust
19:40 Bolus Usage
21:31 Shellcode Staging
22:57 Injector Config
26:40 Execute Attack
27:18 Remote Injection
29:03 Thank you!
Check out our free courses at https://taggartinstitute.org!
Resources from this video:
SharpUp: https://github.com/GhostPack/SharpUp
HijackLibs: https://hijacklibs.net
Cutter: https://cutter.re
PEStudio: https://www.winitor.com/download
Bolus: https://github.com/mttaggart/bolus