Process injection via Thread Hijacking

This TTP will create a notepad process and hijack one of the threads. The hijacked thread will be suspended and have its instruction pointer changed to the address of the shellcode; when the thread is resumed, `calc.exe` will be launched.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)