core-jmp

core-jmp

death of core jump

  • Home
  • About
  • Privacy Policy

HomeAPC

Posts tagged: APC

EarlyBird APC Code Injection

EarlyBird APC Injection: A Deep Technical Analysis

February 13, 2026
by oxfemale APCBypassingEDRInjectionshellcodewinapiwindows

The EarlyBird APC technique creates a trusted process in a suspended state, allocates memory for shellcode, and writes the payload. It then queues the shellcode as an Asynchronous Procedure Call (APC) to the suspended thread. Resuming the thread forces immediate, stealthy execution of the malicious code.

Read More
QueueUserAPC2 Process Injection

Mastering APC Injection with QueueUserAPC2

January 30, 2026
by oxfemale Injectionwinapiwindows

In this article, I will demonstrate one of the classic, fundamental techniques for injecting shellcode into a remote process using APCs. I realized I hadn’t documented this method yet, so that is exactly what we will cover today. specifically, we will be combining QueueUserAPC2 with NtTestAlert

Read More

Recent Posts

  • EarlyBird APC Injection: A Deep Technical Analysis
  • Bypassing Administrator Protection by Abusing UI Access
  • PPLControlShells — Protected Process / PPL Control shells Tool
  • Process Injection via Component Object Model (COM) IRundown::DoCallback() for run cmd.exe from lsass.exe or other pids
  • Abusing Microsoft Warbird for Shellcode Execution

Recent Comments

No comments to show.

Archives

  • February 2026
  • January 2026
  • November 2025
  • September 2025

Categories

  • Administrator
  • alloc
  • APC
  • ASM
  • Audio
  • AV
  • BYOVD
  • Bypassing
  • Callbacks
  • Containers
  • cpp
  • Crypt
  • Debug
  • EDR
  • Escalation
  • Gadgets
  • Injection
  • kernel
  • Library
  • Loader
  • Plugins
  • powershell
  • PPL
  • Privilege
  • Protection
  • ROP
  • shellcode
  • UAC
  • Uncategorized
  • Warbird
  • WASM
  • winapi
  • winapi
  • windows
Log in
© 2026 core-jmp. All rights reserved.
Shopping Basket