This commit renames the Apollo payload type to Ares, moving all associated files and updating documentation accordingly. The change includes:
- Renaming directories from `apollo` to `ares`
- Updating documentation image references
- Maintaining the same code functionality while changing the payload name
- Adding new Ares-specific documentation files
- Removing old Apollo documentation files

The rename is done to reflect the new payload name while preserving all existing functionality.
+++
title = "get_injection_techniques"
chapter = false
weight = 103
hidden = false
+++
Summary
Retrieve a list of available injection techniques the agent can use.
Usage
get_injection_techniques
Detailed Summary
The get_injection_techniques command displays the various process injection techniques the agent is capable of using for post-exploitation jobs. You can see the current technique being used by an agent with the get_injection_techniques command. The technique can also be changed using the set_injection_technique command.
You are encouraged to create your own injection technique and submit a new pull request!
Available techniques
CreateRemoteThread
"Classic" process injection technique that uses the VirtualAllocEx, WriteProcessMemory and CreateRemoteThread Windows APIs to execute shellcode in a specified process.
Early-Bird QueueUserAPC
Works for all jobs spawning sacrificial processes, but mileage may vary for injection-type commands. Calls the VirtualAllocEx, WriteProcessMemory, QueueUserAPC and ResumeThread APIs.
NtCreateThreadEx
Leverages syscalls from the NTDLL library to directly invoke shellcode associated with NtOpenProcess, NtClose, NtDuplicateObject, NtAllocateVirtualMemory, NtProtectVirtualMemory, NtWriteVirtualMemory, and NtCreateThreadEx.
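A defender-side view of the three techniques listed above, as an added example that is not part of the Ares documentation or code: it correlates cross-process API-call telemetry into the call sequences named in each description. The event tuple format, the PIDs, the 5-second window, and the assumption that calls occur in the listed order are constructed for illustration.

```python
from collections import defaultdict

# API names are taken from the technique descriptions above. Treating the
# listed order as the call order, and the 5 s window, are assumptions.
SIGNATURES = {
    "CreateRemoteThread": ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"),
    "Early-Bird QueueUserAPC": ("VirtualAllocEx", "WriteProcessMemory", "QueueUserAPC", "ResumeThread"),
    "NtCreateThreadEx": ("NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtCreateThreadEx"),
}
WINDOW_SECONDS = 5.0

def _matches(calls, signature):
    """True if signature is an ordered subsequence of (ts, api) calls within the window."""
    for start, (t0, api) in enumerate(calls):
        if api != signature[0]:
            continue
        idx = 1
        for ts, name in calls[start + 1:]:
            if ts - t0 > WINDOW_SECONDS:
                break
            if name == signature[idx]:
                idx += 1
                if idx == len(signature):
                    return True
    return False

def detect(events):
    """events: (ts, source_pid, target_pid, api) tuples -> sorted (source, target, technique)."""
    by_pair = defaultdict(list)
    for ts, src, dst, api in sorted(events):
        if src != dst:  # keep only calls made against another process
            by_pair[(src, dst)].append((ts, api))
    return sorted((src, dst, name)
                  for (src, dst), calls in by_pair.items()
                  for name, sig in SIGNATURES.items() if _matches(calls, sig))

SAMPLE_EVENTS = [  # constructed telemetry, not from a real host
    (10.00, 4100, 5200, "VirtualAllocEx"), (10.02, 4100, 5200, "WriteProcessMemory"),
    (10.03, 4100, 5200, "CreateRemoteThread"),
    (20.00, 4100, 6300, "VirtualAllocEx"), (20.01, 4100, 6300, "WriteProcessMemory"),
    (20.02, 4100, 6300, "QueueUserAPC"), (20.03, 4100, 6300, "ResumeThread"),
    # Same-process calls: ignored.
    (30.00, 7000, 7000, "VirtualAllocEx"), (30.01, 7000, 7000, "WriteProcessMemory"),
    (30.02, 7000, 7000, "CreateRemoteThread"),
    # Allocation and write 10 s apart: outside the window, no match.
    (40.00, 8000, 8100, "VirtualAllocEx"), (50.00, 8000, 8100, "WriteProcessMemory"),
    (50.01, 8000, 8100, "CreateRemoteThread"),
]
print(detect(SAMPLE_EVENTS))
```

The NtCreateThreadEx signature only fires if the sensor observes the Nt* calls themselves; hooks placed on the Win32 wrappers such as VirtualAllocEx would not record them.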
