I wanted to share this shellcode self-injection PoC to showcase some AV/EDR evasion concepts that may turn out to be useful for Red Teaming. Just a few weeks ago I came up with a custom in-memory evasion ...
This scan provides another layer of shellcode detection, allowing the capture of "sleeping beacons" and others, decrypted just before execution. Sometimes the implanted shellcodes cannot be detected ...