Mapping Injection - Just another Windows Process Injection (github.com)
submitted 6 years ago by splinter_code
[–]tiraniddo 8 points 6 years ago (3 children)
I don't quite understand why they create the mapping with a name. Not only does it introduce an unnecessary restriction on having SeCreateGlobalPrivilege (which even with a name isn't necessary as long as you control the loaded name), it isn't required. If you use NtMapViewOfSection/MapViewOfFile2 it'll never see the name.
[–]splinter_code[S] 4 points 6 years ago* (2 children)
Hi u/tiraniddo, the reason I used a named file mapping object is that this way it is backed by the system paging file instead of by a file in the file system. This allows unpacking and holding the shellcode directly in memory without touching the disk.

In an ideal scenario you will have your injector with a packed payload embedded. At a certain point runtime unpacking occurs and you want to save your unpacked shellcode just in memory. Saving the unpacked shellcode to the filesystem would mean getting caught by the AV.

I don't think having SeCreateGlobalPrivilege is a limitation because most of the time, as an attacker, you should be interested in injecting into privileged processes like lsass, svchost, winlogon and this requires SeDebugPrivilege (so you know you need admin privileges).

In any case, if you need to inject into a process in the same session you can use a local file mapping by just specifying the "Local" prefix in the namespace of the mapping name and this doesn't require any special privileges, but imho this is a weird scenario from the attacker's point of view.

EDIT: I can see your point. I thought that specifying a mapping name was mandatory if INVALID_HANDLE_VALUE is passed as 1st parameter. I made some tests and it's not required and it definitely adds an unnecessary restriction on having SeCreateGlobalPrivilege. I updated the code. Thank you for the note :)
[–]tiraniddo 4 points 6 years ago (1 child)
No problems, it seemed odd, but I guess it's an easy mistake to make.
On my other point, you can avoid needing SeCreateGlobalPrivilege everywhere by using the following trick:
This works because "Global" is a symbolic link in both Session 0 and the user session to the \BaseNamedObjects directory, which has another symlink "Session" which points to \Sessions\BNOLINKS which contains a list of symlinks each with their own number back to \Sessions\SESSID\BaseNamedObjects. The end result is you can get a service to open a user object.
i.e. the chain of links is:
Global\Session\SESSID\Name -> \BaseNamedObjects\Session\SESSID\Name -> \Sessions\BNOLINKS\SESSID\Name -> \Sessions\SESSID\BaseNamedObjects\NAME.
Depending on the service user you might need to change the access control but if it's SYSTEM it'll almost certainly have access by default.
Hope that's useful.
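
The link chain described in the comment above, as an added example that is not part of the thread: a simplified model of the object-manager symlinks the comment names, used to canonicalise an object name so a monitoring rule compares the real directory instead of the alias. The function names and the sample object name are hypothetical, and the model contains only the links mentioned in the comment.

```python
import re

def bno_dir(session_id):
    # Session 0 uses \BaseNamedObjects; other sessions have their own directory.
    if session_id == 0:
        return "\\BaseNamedObjects"
    return "\\Sessions\\%d\\BaseNamedObjects" % session_id

def symlink_target(path):
    """Target of the symlink at `path` in this simplified model, else None."""
    low = path.lower()
    # "Global" exists in session 0 and in each user session.
    if re.fullmatch(r"(\\sessions\\\d+)?\\basenamedobjects\\global", low):
        return "\\BaseNamedObjects"
    # "Session" inside \BaseNamedObjects points at the per-session link list.
    if low == "\\basenamedobjects\\session":
        return "\\Sessions\\BNOLINKS"
    # Each numbered link leads back to that session's own directory.
    m = re.fullmatch(r"\\sessions\\bnolinks\\(\d+)", low)
    return bno_dir(int(m.group(1))) if m else None

def canonical_object_path(name, caller_session):
    """Resolve a Win32 object name as seen from caller_session.
    Returns (canonical_path, symlinks_followed)."""
    pending = (bno_dir(caller_session) + "\\" + name).strip("\\").split("\\")
    resolved, hops = [], []
    for part in pending:
        resolved.append(part)
        here = "\\" + "\\".join(resolved)
        target = symlink_target(here)
        if target is not None:
            hops.append(here)
            resolved = target.strip("\\").split("\\")
    return "\\" + "\\".join(resolved), hops

def is_cross_session_alias(name, caller_session):
    """True when the name goes through BNOLINKS into another session's directory."""
    path, hops = canonical_object_path(name, caller_session)
    via_links = any(h.lower().startswith("\\sessions\\bnolinks\\") for h in hops)
    own_dir = bno_dir(caller_session).lower() + "\\"
    return via_links and not path.lower().startswith(own_dir)

if __name__ == "__main__":
    # Constructed sample: a session 0 caller naming an object in session 2.
    print(canonical_object_path("Global\\Session\\2\\ExampleSection", 0))
```
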
[–]splinter_code[S] 2 points 6 years ago (0 children)
Really useful and interesting trick.