core-jmp

core-jmp

death of core jump

  • Home
  • About
  • Privacy Policy

Homewinapi

Posts in category: winapi

Process Injection via Component Object Model (COM) IRundown::DoCallback() for run cmd.exe from lsass.exe or other pids

February 6, 2026
by oxfemale AdministratorBypassingCallbackscppEDREscalationInjectionLoadershellcodewinapiwindows

A PoC/demo demonstrating code injection via COM (using the IRundown::DoCallback() mechanism) to execute a payload in the context of a selected process, including lsass.exe (or any other PID).

Read More
Снимок экрана 2026-02-03 в 14.09.40

NO ALLOC, NO PROBLEM: LEVERAGING PROGRAM ENTRY POINTS FOR PROCESS INJECTION

February 3, 2026
by oxfemale alloccppDebugInjectionwinapiwindows

Remote process injection and looking for a few under-the-radar techniques that were either not documented well and/or contained minimalist core requirements for functionality.

Read More
was_plugins

Securely Embedding WASM Plugins in Your Project

February 2, 2026
by oxfemale ContainerscppCryptLibraryLoaderPluginsUncategorizedWASMwinapiwinapiwindows

libraries for packaging, verifying, decrypting, and executing WebAssembly plugins packaged in a custom container format .mylib (version 2).

Read More
Process Injection

Exploring Protected Process Light and Exploits

February 2, 2026
by oxfemale cppInjectionLibraryPPLUncategorizedwinapiwinapiwindows

Red team technique—process injection—and how to leverage it against Protected Process Light (PPL)

Read More
QueueUserAPC2 Process Injection

Mastering APC Injection with QueueUserAPC2

January 30, 2026
by oxfemale Injectionwinapiwindows

In this article, I will demonstrate one of the classic, fundamental techniques for injecting shellcode into a remote process using APCs. I realized I hadn’t documented this method yet, so that is exactly what we will cover today. specifically, we will be combining QueueUserAPC2 with NtTestAlert

Read More

Recent Posts

  • EarlyBird APC Injection: A Deep Technical Analysis
  • Bypassing Administrator Protection by Abusing UI Access
  • PPLControlShells — Protected Process / PPL Control shells Tool
  • Process Injection via Component Object Model (COM) IRundown::DoCallback() for run cmd.exe from lsass.exe or other pids
  • Abusing Microsoft Warbird for Shellcode Execution

Recent Comments

No comments to show.

Archives

  • February 2026
  • January 2026
  • November 2025
  • September 2025

Categories

  • Administrator
  • alloc
  • APC
  • ASM
  • Audio
  • AV
  • BYOVD
  • Bypassing
  • Callbacks
  • Containers
  • cpp
  • Crypt
  • Debug
  • EDR
  • Escalation
  • Gadgets
  • Injection
  • kernel
  • Library
  • Loader
  • Plugins
  • powershell
  • PPL
  • Privilege
  • Protection
  • ROP
  • shellcode
  • UAC
  • Uncategorized
  • Warbird
  • WASM
  • winapi
  • winapi
  • windows
Log in
© 2026 core-jmp. All rights reserved.
Shopping Basket