AtomBombing: Brand New Code Injection for Windows

AtomBombing – a code injection technique that uses a table of atoms and Windows Asynchronous Procedure Call (APC).

Implementation of the code was a powerful weapon in the hacker arsenal for many years.

AtomBombing works in three main stages:
1. Write-What-Where – Writing arbitrary data to arbitrary locations in the target process’s address space.
2. Execution – Hijacking a thread of the target process to execute the code written in stage 1.
3. Restoration – Cleaning up and restoring the execution of the thread hijacked in stage 2.

A detailed description of each stage can be found here.

The author opens the question of the study on the method of open, which will allow us to find creative ideas to solve the problem. As the saying goes: to be continued …

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.

News

AtomBombing: Brand New Code Injection for Windows

Read Next

USA Passes Take It Down Act: Fighting NCII at the Federal Level

Operation Artemis: FBI Arrests 22 in International Sextortion Crackdown

Digital Forensics Corp. Launches Pro Bono Initiative to Combat Sextortion Targeting Minors

Digital Forensics Corp. Launches 2025 Sextortion Study to Uncover the True Scope of a Growing Cybercrime