Awesome
Mapping-Injection
Mapping injection is a process injection technique that avoids the usage of common monitored syscall VirtualAllocEx, WriteProcessMemory and CreateRemoteThread.
With this technique you will have a different syscall pattern from the classic process injection that is:<br> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread.<br> In this technique you will have the following syscall pattern:<br> OpenProcess() -> (CreateFileMapping() -> MapViewOfFile3() [current process] -> MapViewOfFile3() [target process]) x 2 times -> NtSetInformationProcess()
Requirements
Supported OS: Windows 10 / Windows Server 2016, version 1703 (build 10.0.15063) and above versions
Technical Description
https://splintercod3.blogspot.com/p/weaponizing-mapping-injection-with.html