Process injection via Thread Hijacking

/static/assets/windows-logo.svg
This TTP will create a notepad process and hijack one of the threads. The hijacked thread will be suspended and have its instruction pointer changed to the address of the shellcode; when the thread is resumed, `calc.exe` will be launched.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.0)