Vulcan Process Injection

Vulcan can preform several different process injection techniques on Windows machines. Including DLL Injection, Shellcode Injection, and Process Hollowing. It is a useful tool for the red teamer allowing custom shell code to be executed. For the blue teamer it is a great way to test your defenses.

Prerequisite

  • Vulcan
  • Windows
  • Visual Studio

You will need to compile your own binary. For more information on how to do this refer to vulcan home page 🖖.

Process Injection

With a compiled binary I attempted to run it and got the following.

  PS C:\Users\vagrant\vulcan\bin> ./vulcan_x64.exe -m 1500 -i 2 notepad.exe
  Using calc x64 shellcode...
  [-] Error: Could not find PID (0).

After some trial and error I finally understood this error. What it's saying is that it cant find the process, notepad.exe, I had specified. Running notepad.exe fixed this issue.

  C:\lab\vulcan\bin>vulcan_x64.exe -m 1500 -i 2 notepad.exe
  Using calc x64 shellcode...
  Executing...
  [*] Creating process in suspended state
  [+] Create process successful!
  [*] Allocating memory in process
  [+] Memory allocated at: 0xaff40000
  [*] Writing shellcode to process
  [+] Shellcode is written to memory
  [*] Queue APC
  [+] QueueAPC is done
  [*] Resuming thread....

After that I started playing around with it and found it to work rather well. I highly recommend giving it a try.

Read more