
Gain a strong foundation in how Windows operates under the hood — essential knowledge for analyzing malware and understanding process injection. This lecture covers threads, handles, system objects, APIs, user/kernel mode, and Windows thread pool architecture.
Keywords: windows internals, cybersecurity, process injection, thread pool, user mode, kernel mode
Explore the concept of process injection and how threat actors use it to execute malicious code within legitimate processes. This lecture sets the stage for more advanced techniques by explaining evasion, exploitation, and post-exploitation tactics.
Keywords: process injection, malware evasion, post-exploitation, memory injection, cyber attack lifecycle
Understand the three core stages of process injection: memory allocation, writing malicious code, and remote execution. Learn how APIs like VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread are abused in real-world attacks.
Keywords: VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, Windows APIs, remote thread injection, memory exploitation
Deep dive into popular injection methods — DLL injection, process hollowing, shim injection, and PE injection — with a practical case study of Qakbot malware. Analyze PowerShell scripts and API usage in live malware campaigns.
Keywords: DLL injection, process hollowing, Qakbot malware, shim injection, PowerShell malware, reverse engineering
Explore cutting-edge process injection techniques revealed at Black Hat Europe, including attacks on Windows thread pools and worker factories. Learn how attackers bypass modern EDRs using undocumented system internals.
Keywords: thread pool injection, Black Hat Europe, SafeBreach, EDR bypass, novel malware tactics, worker factory attack
Master the stealth tactics used by modern Windows malware through analysis of process injection techniques.
This advanced cybersecurity course is designed for SOC analysts, malware researchers, blue teamers, red teamers, and aspiring reverse engineers who want to understand how malware operates under the hood.
You’ll learn how adversaries exploit Windows architecture, abuse native APIs, and manipulate memory to inject code into legitimate processes — all to bypass antivirus, EDR, and traditional defenses.
In this course, you’ll explore:
• Core Windows Internals: User mode vs. kernel mode, threads, handles, memory management
• Fundamentals of Process Injection: What it is, how it works, and why attackers use it
• Injection Primitives: Using VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread
• Popular Techniques: DLL Injection, Process Hollowing, Shim Injection, and PE Injection
• Real Malware Case Study: Dissecting Qakbot’s process injection and evasion strategy
• Latest Threat Research: Novel injection methods using Windows thread pools, as presented at Black Hat Europe 2023
This is not just theory — you’ll gain insight into the same techniques threat actors use in the wild, helping you become more effective in malware detection, incident response, or offensive security operations.
Prerequisites: Basic understanding of Windows and cybersecurity. Ideal for professionals with 0–5 years of experience.
Take your malware analysis and threat detection skills to the next level.