Aryma 03d283cf49 refactor(payload): rename apollo to ares and update documentation
This commit renames the Apollo payload type to Ares, moving all associated files and updating documentation accordingly. The change includes:
- Renaming directories from `apollo` to `ares`
- Updating documentation image references
- Maintaining the same code functionality while changing the payload name
- Adding new Ares-specific documentation files
- Removing old Apollo documentation files

The rename is done to reflect the new payload name while preserving all existing functionality.
2026-04-14 14:02:44 +07:00


+++
title = "Process Injection"
chapter = false
weight = 102
+++

Process Injection in Ares

Ares has abstracted process injection into its own project and has the following techniques implemented:

  • CreateRemoteThread
  • QueueUserAPC (early bird)
  • NtCreateThreadEx (via Syscalls)

As an operator, one injection technique is sometimes more desirable than another. To facilitate this, the `get_injection_techniques` command lists all injection techniques the agent currently has loaded, and `set_injection_technique` changes the technique used by all subsequent post-exploitation jobs.

Commands Leveraging Injection

All of Ares's fork-and-run commands inject into a sacrificial process; in addition, the following commands inject into other, already running processes:

{{% notice info %}} Some injection techniques are incompatible with the aforementioned commands. For example, if QueueUserAPC is in use, the above commands will fail, because Ares implements the early bird variant of QueueUserAPC (which requires a newly created, suspended process), not the APC bombing technique. {{% /notice %}}