A dropper PoC focused on EDR evasion: it unhooks NTDLL, then loads a clean copy of ntdll in memory from shellcode (the DLL converted with pe2shc by @hasherezade). The payload is encrypted with the undocumented SystemFunction033 routine (an RC4 cipher exported by advapi32.dll), and it is executed on a fiber so that no new thread is created.
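The payload-encryption step, as an added example that is not part of this repository: the assumption here (not stated on the page) is that SystemFunction033 applies plain RC4 to a buffer, so the operator can encrypt the shellcode offline with an ordinary RC4 routine and let the dropper decrypt it at run time through the Windows-resident function instead of a linked crypto library. The code below is portable C that performs that offline side and verifies itself against a published RC4 test vector; the run-time call into advapi32.dll is Windows-specific and is not shown. The sample payload bytes are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RC4: key scheduling (KSA) followed by the keystream generator (PRGA).
 * Encryption and decryption are the same operation, which is what makes the
 * "encrypt offline, decrypt with SystemFunction033" pattern work. The claim
 * that SystemFunction033 is RC4 is an assumption of this example, not a
 * statement from the repository. Returns 0 on an empty key (undefined for RC4). */
int rc4_crypt(const uint8_t *key, size_t keylen, uint8_t *buf, size_t len) {
    uint8_t S[256];
    if (keylen == 0) return 0;
    for (int i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (int i = 0, j = 0; i < 256; i++) {
        j = (j + S[i] + key[i % keylen]) & 0xFF;
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
    }
    int i = 0, j = 0;
    for (size_t k = 0; k < len; k++) {
        i = (i + 1) & 0xFF;
        j = (j + S[i]) & 0xFF;
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
        buf[k] ^= S[(S[i] + S[j]) & 0xFF];
    }
    return 1;
}

/* Encrypts `plain` under `key` and compares the result with `expect`
 * (same length as plain). Returns 1 on a match, 0 otherwise. */
int rc4_matches(const char *key, const char *plain, const uint8_t *expect) {
    uint8_t buf[64];
    size_t n = strlen(plain);
    if (n > sizeof buf) return 0;
    memcpy(buf, plain, n);
    if (!rc4_crypt((const uint8_t *)key, strlen(key), buf, n)) return 0;
    return memcmp(buf, expect, n) == 0;
}

/* Self-check: known vector, then a full encrypt/decrypt round trip. */
int rc4_selftest(void) {
    static const uint8_t vec[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    uint8_t buf[] = "Plaintext";          /* 9 payload bytes; NUL excluded */
    if (!rc4_matches("Key", "Plaintext", vec)) return 0;
    rc4_crypt((const uint8_t *)"Key", 3, buf, 9);   /* encrypt */
    rc4_crypt((const uint8_t *)"Key", 3, buf, 9);   /* decrypt */
    return memcmp(buf, "Plaintext", 9) == 0;
}

int main(void) {
    /* Constructed sample "shellcode" (a harmless NOP sled plus INT3), not real payload. */
    uint8_t payload[] = {0x90, 0x90, 0x90, 0x90, 0xCC};
    const char *key = "example-key";      /* hypothetical key for the demo */

    if (!rc4_selftest()) { puts("RC4 self-test failed"); return 1; }
    rc4_crypt((const uint8_t *)key, strlen(key), payload, sizeof payload);
    printf("encrypted payload:");
    for (size_t i = 0; i < sizeof payload; i++) printf(" %02X", payload[i]);
    putchar('\n');
    /* The dropper would hand this buffer and key to SystemFunction033 to
     * recover the original bytes before mapping them as executable. */
    return 0;
}
```

The embedded blob is what the dropper would carry; the key still has to be present or derivable at run time, so this hides the payload from static signatures only, not from an analyst who dumps memory after decryption.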
malware
antivirus
evasion
bypass
fiber
dropper
bypass-antivirus
edr
implant
process-injection
ntdll-unhooking
systemfunction033
Updated Feb 10, 2023 - C