Welcome to this five-part educational series on Process Injection and Advanced Malware Tactics, designed specifically for cybersecurity professionals and learners with 0–5 years of experience. In this series, we’ll go step by step from foundational Windows concepts to sophisticated evasion techniques revealed at Black Hat Europe 2023.

This content is based on my free Udemy course Advanced Malware Tactics: Process Injection in Windows, where you can follow along with slides, visuals, and quizzes. The goal is simple: to break down complex cybersecurity research into plain language, making it accessible to those starting out in the field.

Here’s how this series is structured:

Part 1 – Understanding Windows Internals
We explore processes, threads, thread pools, user vs. kernel mode, and Windows APIs. This foundation is crucial for grasping how malware operates under the hood.

Part 2 – Introduction to Process Injection
We define what process injection is, why attackers use it, and introduce common techniques at a high level.

Part 3 – Building Blocks of Process Injection
A deep dive into how memory is allocated, code is written, and execution is triggered inside another process. We explore APIs like VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread.

Part 4 – Common Injection Techniques + Qakbot Example
Covers classic methods like DLL Injection, Process Hollowing, Shim Injection, and PE Injection. Includes a real-world case study of Qakbot malware.

Part 5 – Advanced Techniques from Black Hat 2023
Explains novel process injection methods involving Windows Thread Pools, based on cutting-edge research from SafeBreach Labs presented at Black Hat Europe.

Why This Series Matters

Process injection is one of the most used techniques in real-world malware and red teaming. This series aims to bridge the gap between advanced security research and learners just entering the field. You’ll gain both theoretical and practical understanding, without the jargon overload.

Each part will be published as a separate blog post, and this page will serve as the index — so feel free to bookmark it!

Want a More Visual Learning Experience?

You can also enroll in the full free Udemy course version of this series:

Explore the course on Udemy: Advanced Malware Tactics: Process Injection in Windows

Let’s get started — begin with Part 1 – Understanding Windows Internals.
