aryma/Ares-mythic
1
0
Fork 0
mirror of https://github.com/Aryma-f4/Ares-mythic.git synced 2026-06-12 19:04:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(payload): rename apollo to ares and update documentation

Browse Source 
This commit renames the Apollo payload type to Ares, moving all associated files and updating documentation accordingly. The change includes:
- Renaming directories from `apollo` to `ares`
- Updating documentation image references
- Maintaining the same code functionality while changing the payload name
- Adding new Ares-specific documentation files
- Removing old Apollo documentation files

The rename is done to reflect the new payload name while preserving all existing functionality.
This commit is contained in:
Aryma
2026-04-14 14:02:44 +07:00
parent e14b1f21eb
commit 03d283cf49
753 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
documentation-payload/ares/opsec/injection.md Normal file
View File

@@ -0,0 +1,29 @@
+++
title = "Process Injection"
chapter = false
weight = 102
+++
## Process Injection in Ares
Ares has abstracted process injection into its own project and has the following techniques implemented:
- CreateRemoteThread
- QueueUserAPC (early bird)
- NtCreateThreadEx (via Syscalls)
As an operator, sometimes one injection technique is more desirable than another. To facilitate this, the [`get_injection_techniques`](/agents/apollo/commands/get_injection_techniques) command will list all currently loaded injection techniques the agent knows about. Similarly, [`set_injection_technique`](/agents/apollo/commands/set_injection_technique) will update the currently used injection technique throughout all post-exploitation jobs.
## Commands Leveraging Injection
All of Ares's [fork and run commands](/agents/apollo/opsec/forkandrun/) use injection to inject into a sacrificial process; however, there are additional commands that inject into other processes. Those commands are:
- [`assembly_inject`](/agents/apollo/commands/assembly_inject/)
- [`inject`](/agents/apollo/commands/inject/)
- [`keylog_inject`](/agents/apollo/commands/keylog/)
- [`psinject`](/agents/apollo/commands/psinject/)
- [`shinject`](/agents/apollo/commands/shinject/)
- [`screenshot_inject`](/agents/apollo/commands/screenshot_inject)
{{% notice info %}}
Some injection techniques are incompatible with the aforementioned commands. For example: If QueueUserAPC is in use, the above commands will fail as it leverages the early bird version of QueueUserAPC, not the APC bombing technique.
{{% /notice %}}