Malware Series: Process Injection Mapped Sections
ID: b6867162-7feb-58fd-ad3c-d8af751f4991
STIX ID: report--b6867162-7feb-58fd-ad3c-d8af751f4991
Feed Name: TrustedSec blog
This report is a technical how-to describing a Windows process-injection technique that uses NtCreateSection/NtMapViewOfSection to create a kernel-backed shared memory section, map views into local and remote processes, copy shellcode (msfvenom example) into the shared view, and execute it via a remote thread. C and C# code examples are provided to demonstrate the method.
