aryma/Ares-mythic
1
0
Fork 0
mirror of https://github.com/Aryma-f4/Ares-mythic.git synced 2026-06-12 08:34:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e14b1f21eb16f1f8d98bdb72f853bc28eb15294a
Ares-mythic/documentation-payload/apollo/opsec/injection.md
Aryma 6321bfc31b refactor: rename apollo to ares and add ascii art display 
- Rename agent from "Apollo" to "Ares" across documentation and configuration
- Update config.json to reference Ares container image instead of Apollo
- Replace Apollo logo with Ares logo in documentation
- Rename workspace file from Apollo.code-workspace to Ares.code-workspace
- Add ASCII art display function to agent startup sequence
- Remove obsolete refactor analysis document
2026-04-14 13:15:43 +07:00

29 lines
1.5 KiB
Markdown
Raw Blame History

+++
title = "Process Injection"
chapter = false
weight = 102
+++
## Process Injection in Ares
Ares has abstracted process injection into its own project and has the following techniques implemented:
- CreateRemoteThread
- QueueUserAPC (early bird)
- NtCreateThreadEx (via Syscalls)
As an operator, sometimes one injection technique is more desirable than another. To facilitate this, the [`get_injection_techniques`](/agents/apollo/commands/get_injection_techniques) command will list all currently loaded injection techniques the agent knows about. Similarly, [`set_injection_technique`](/agents/apollo/commands/set_injection_technique) will update the currently used injection technique throughout all post-exploitation jobs.
## Commands Leveraging Injection
All of Ares's [fork and run commands](/agents/apollo/opsec/forkandrun/) use injection to inject into a sacrificial process; however, there are additional commands that inject into other processes. Those commands are:
- [`assembly_inject`](/agents/apollo/commands/assembly_inject/)
- [`inject`](/agents/apollo/commands/inject/)
- [`keylog_inject`](/agents/apollo/commands/keylog/)
- [`psinject`](/agents/apollo/commands/psinject/)
- [`shinject`](/agents/apollo/commands/shinject/)
- [`screenshot_inject`](/agents/apollo/commands/screenshot_inject)
{{% notice info %}}
Some injection techniques are incompatible with the aforementioned commands. For example: If QueueUserAPC is in use, the above commands will fail as it leverages the early bird version of QueueUserAPC, not the APC bombing technique.
{{% /notice %}}
Reference in New Issue View Git Blame Copy Permalink