C++ self-injecting dropper based on various EDR evasion techniques.
Updated Feb 11, 2024 - C
A dropper POC with a focus on aiding in EDR evasion: NTDLL unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFunction033 NtApi and no new thread via Fiber.