Introduction
February 1, 2026 ยท View on GitHub
Centralized resource for listing and organizing known injection techniques and POCs
- Introduction
- Linux Injection
- Windows Injection
- Process Spawning
- Process Injection
- Classic Dll Injection
- Classic Shellcode Injection
- Dll Injection via SetWindowsHookEx
- Reflective Dll Injection
- PE Injection
- Section Mapping Injection
- APC Queue Injection
- Thread Execution Hijacking
- Atom Bombing Injection
- Mocking jay Injection
- ListPlanting Injection
- Extra Window Memory Injection
- ThreadlessInject
- EPI
- DllNotification Injection
- D1rkInject
- NtQueueAPCThreadEx Gadget Injection
- Dirty-Vanity
- Function Stomping
- Caro-Kann
- Stack Bombing
- Ghost Injector
- Ghost Writing
- Ghost Writing 2
- Mapping Injection with Instrumentation Callback
- SetProcessInjection
- Pool Party Injection
- Thread Name Calling
- Waiting Thread Hijacking
- RedirectThread Context Injection
- Overwriting Loaded DLL EntryPoint
- Living Of The Process by g3tsyst3m
Introduction
I've been thinking about putting together a list of process injection techniques and ingenious POCs because I haven't found a decent one. This list focuses on process-spawning injection methods and actual process injection, excluding pre-execution techniques (e.g. AppCert and AppInit Dlls), and self-injection techniques.
PRs are welcome to help me maintain and extend this list!
Linux Injection
Process Spawning
LD_PRELOAD
Seccomp Notifier
- https://www.outflank.nl/blog/2025/12/09/seccomp-notify-injection/
- https://github.com/outflanknl/seccomp-notify-injection
Process Injection
PTRACE
Proc Memory
- https://attack.mitre.org/techniques/T1055/009/
- https://github.com/DavidBuchanan314/dlinject
- https://github.com/AonCyberLabs/Cexigua
Windows Injection
Process Spawning
Process Hollowing
Transacted Hollowing
Process Doppelganging
Process Herpaderping
Process Ghosting
Early Bird
- https://www.cyberbit.com/endpoint-security/new-early-bird-code-injection-technique-discovered/
- https://www.ired.team/offensive-security/code-injection-process-injection/early-bird-apc-queue-code-injection
EntryPoint Patching
Ruy-Lopez
Early Cascade Injection
- https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection/
- https://github.com/Cracked5pider/earlycascade-injection
Kernel Callback Table Injection
PichichiH0ll0wer - Split Hollowing
Process Injection
Classic Dll Injection
- https://attack.mitre.org/techniques/T1055/001/
- https://www.ired.team/offensive-security/code-injection-process-injection/dll-injection
Classic Shellcode Injection
Dll Injection via SetWindowsHookEx
Reflective Dll Injection
- https://attack.mitre.org/techniques/T1055/001/
- https://github.com/stephenfewer/ReflectiveDLLInjection
- https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection
PE Injection
- https://attack.mitre.org/techniques/T1055/002/
- https://www.ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes
Section Mapping Injection
APC Queue Injection
- https://attack.mitre.org/techniques/T1055/004/
- https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection
Thread Execution Hijacking
- https://attack.mitre.org/techniques/T1055/003/
- https://www.ired.team/offensive-security/code-injection-process-injection/injecting-to-remote-process-via-thread-hijacking
Atom Bombing Injection
Mocking jay Injection
ListPlanting Injection
- https://attack.mitre.org/techniques/T1055/015/
- https://cocomelonc.github.io/malware/2022/11/27/malware-tricks-24.html
Extra Window Memory Injection
ThreadlessInject
EPI
DllNotification Injection
D1rkInject
NtQueueAPCThreadEx Gadget Injection
Dirty-Vanity
Function Stomping
Caro-Kann
Stack Bombing
Ghost Injector
Ghost Writing
- https://github.com/c0de90e7/GhostWriting
- https://blog.sevagas.com/IMG/pdf/code_injection_series_part5.pdf
Ghost Writing 2
Mapping Injection with Instrumentation Callback
SetProcessInjection
Pool Party Injection
- https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
- https://github.com/SafeBreach-Labs/PoolParty
Thread Name Calling
- https://github.com/hasherezade/thread_namecalling
- https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
Waiting Thread Hijacking
- https://github.com/hasherezade/waiting_thread_hijacking
- https://research.checkpoint.com/2025/waiting-thread-hijacking/
RedirectThread Context Injection
- https://blog.fndsec.net/2025/05/16/the-context-only-attack-surface/
- https://github.com/Friends-Security/RedirectThread