This is a PoC for the process hollowing shellcode technique, written in C#.
It uses an XOR-encrypted msfvenom-generated payload. It creates an svchost.exe process in a suspended state and injects the shellcode into it. For a full explanation, I'll be writing a blog post soon here.
It also contains a PowerShell script, hollow.ps1, which can load the program in memory if you want to do it all without touching disk. Remember to change the IP.
It also includes an AMSI bypass, which is loaded in the hollow.ps1 script. The bypass is courtesy of CRTP by Pentester Academy.
The obfuscated version is obfuscated with Rosfuscator by Melvin Langvik.