While Windows has many concepts familiar to those seen in Windows, the win32 API and windows security model is quite different and allows for scenarios uncommon in Linux. This module will explore some classic Windows injection and hijacking techniques that allow code to be executed in the context of another process, such as DLL injection, process hollowing, and thread hijacking. As an added twist, a rudimentary Endpoint Detection and Response (EDR) system will be used to detect and block these techniques. Can you bypass the EDR and execute your code in the context of another process?
Note: This dojo is slowly being developed, including iterating on infrastructure support. Functionality is subject to change!
