Gaining the advantage
The guiding principle behind this chapter is to gain the advantage over the opponent through misdirection, or by disappearing from what they can perceive or expect. We will focus on a basic example of process injection as a key technique, because it allows the attacker to evade many traditional forensics tools, forcing the defender to implement function hooking or host-based memory scanning if they want visibility. From the attacker's perspective, removing your tooling from the opponent's log sources, or from their ability to see it at all, deprives them of many artifacts that would help them reconstruct the attack. This can give the attacker a huge advantage before the defender is even aware of a malicious presence. Similarly, from a defensive perspective, if the defensive controls are already embedded and ubiquitous throughout the environment, then the attacker may perform an obvious attack without even realizing they are already under the...
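To make the defender's side of this concrete, here is an added example (not code from the chapter or its author) of the kind of host-based memory scan the paragraph refers to. Injected code has to live somewhere in the target process, and on Linux it typically shows up in /proc/PID/maps as an executable region that is not backed by a file on disk, or that is both writable and executable; file-based and log-based forensics never see it, but a memory-map scan does. The maps text below is constructed for illustration, and the `scan_process` helper is an assumption about how one would apply the same check to a live PID.

```python
"""Minimal host-based memory-map scan for injected-code artifacts (Linux).

Added example: parses the /proc/<pid>/maps format and flags executable
regions with no file backing, or writable+executable regions. The sample
maps text is constructed; it is not taken from a real process.
"""
import os
import re
from dataclasses import dataclass

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)"
    r"\s*(?P<path>.*)$"
)

# Kernel-provided executable pseudo-mappings that are expected and benign.
KERNEL_PROVIDED = {"[vdso]", "[vsyscall]"}


@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str  # "" for anonymous memory, "/..." for file-backed, "[...]" for pseudo


def parse_maps(text: str) -> list[Region]:
    """Parse maps text into Region records, skipping malformed lines."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        regions.append(Region(int(m["start"], 16), int(m["end"], 16),
                              m["perms"], m["path"].strip()))
    return regions


def classify(region: Region) -> list[str]:
    """Reasons an executable region deserves a closer look (empty if none).

    Normal code is mapped r-x from an ELF on disk. JIT engines legitimately
    create anonymous executable memory, so treat hits as triage signals.
    """
    reasons = []
    if "x" not in region.perms:
        return reasons
    if "w" in region.perms:
        reasons.append("writable+executable")
    if not region.path.startswith("/") and region.path not in KERNEL_PROVIDED:
        reasons.append("executable but not backed by a file")
    if region.path.endswith("(deleted)"):
        reasons.append("backing file deleted after mapping")
    return reasons


def suspicious_regions(regions: list[Region]) -> list[tuple[Region, list[str]]]:
    """Return (region, reasons) for every region classify() flags."""
    return [(r, classify(r)) for r in regions if classify(r)]


def scan_process(pid: int) -> list[tuple[Region, list[str]]]:
    """Assumed helper: apply the scan to a live PID (Linux only)."""
    path = f"/proc/{pid}/maps"
    if not os.path.exists(path):
        return []
    with open(path) as fh:
        return suspicious_regions(parse_maps(fh.read()))


# Constructed sample: a normal binary, heap/stack, one rwx anonymous region
# and one r-x anonymous region (the shapes injected code tends to leave).
SAMPLE_MAPS = """\
55d0c1a00000-55d0c1a01000 r--p 00000000 fd:01 1234 /usr/bin/example
55d0c1a01000-55d0c1a02000 r-xp 00001000 fd:01 1234 /usr/bin/example
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a20000000-7f3a20010000 rwxp 00000000 00:00 0
7f3a30000000-7f3a30002000 r-xp 00000000 00:00 0
7ffd5c000000-7ffd5c021000 rw-p 00000000 00:00 0 [stack]
7ffd5c1f0000-7ffd5c1f2000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for region, reasons in suspicious_regions(parse_maps(SAMPLE_MAPS)):
        print(f"{region.start:#x}-{region.end:#x} {region.perms} "
              f"{region.path or '<anonymous>'}: {', '.join(reasons)}")
```

Running the block against the constructed sample flags only the two anonymous executable regions; the file-backed text segment, the data regions and the kernel-provided [vdso] mapping pass. On a real host this is exactly the visibility gap the chapter describes: nothing in the file system or the logs records those two regions, so a defender who relies on those sources alone never sees them.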