detecting-process-injection-techniques

Installation
SKILL.md

Detecting Process Injection Techniques

When to Use

  • EDR alerts on suspicious API call sequences (VirtualAllocEx + WriteProcessMemory + CreateRemoteThread)
  • A legitimate process (explorer.exe, svchost.exe) exhibits unexpected network connections or file operations
  • Memory forensics reveals executable code in memory regions that should not contain it
  • Investigating living-off-the-land attacks where malware hides inside trusted processes
  • Building detection logic for specific injection techniques in EDR or SIEM rules

Do not use for standard DLL loading analysis; injection implies unauthorized code placement in a process without that process's cooperation.

Prerequisites

Installs
39
GitHub Stars
24.7K
First Seen
Mar 18, 2026
detecting-process-injection-techniques — mukul975/anthropic-cybersecurity-skills