You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -17,8 +17,8 @@ Evasive shellcode loader for bypassing event-based injection detection, without
- Drops a thread on that trampoline
## And so
- It's able to bypass Defender VM allocation alerting, and others. I'll explain the thinking behind each step in a blog post comming end of the week.
- It's able to bypass Defender ATP VM allocation alerting, and others. I'll explain the thinking behind each step in a blog post comming end of the week.
- Bypasses simple thread-centric scanners like `Get-InjectedThread`. Persisting within a process is another story, and this is up to the payload author.
- It is `sRDI`-compatible, but if your payload creates another local thread you will lose the benefit of thread start address in `ntdll`.
- Bypasses simple thread-centric scanners like `Get-InjectedThread`
