Process Hollowing
This is a PoC for the process hollowing shellcode technique, written in C#.
It uses an XOR-encrypted, msfvenom-generated payload. It creates an svchost.exe process in a suspended state and injects shellcode into it. For a full explanation, I'll be writing a blog soon on here.
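A defender-side view of the behaviour described above, as an added example that is not part of this repository: a Python heuristic over process-creation events that flags an svchost.exe that was not launched the way Windows launches service hosts (by services.exe, with a -k service group). Field names follow Sysmon Event ID 1; the sample events, process IDs and function names are constructed for illustration.

```python
import ntpath

# Where a genuine service host lives and which process starts it.
EXPECTED_IMAGE = r"c:\windows\system32\svchost.exe"
EXPECTED_PARENT = r"c:\windows\system32\services.exe"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ProcessId": 1204,
     "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
    {"ProcessId": 7340,
     "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe"},
    {"ProcessId": 5512,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Windows\System32\notepad.exe"},
]

def check_svchost(event):
    """Return the reasons an svchost.exe creation event looks wrong, or []."""
    image = event.get("Image", "").lower()
    if ntpath.basename(image) != "svchost.exe":
        return []  # not an svchost.exe launch, out of scope for this check
    reasons = []
    if image != EXPECTED_IMAGE:
        reasons.append("unexpected image path")
    if event.get("ParentImage", "").lower() != EXPECTED_PARENT:
        reasons.append("parent is not services.exe")
    # Service hosts are started with "-k <group>"; a bare command line is unusual.
    if "-k" not in event.get("CommandLine", "").lower().split():
        reasons.append("no -k service group argument")
    return reasons

def find_suspicious(events):
    """Return (ProcessId, reasons) for every svchost.exe event that fails a check."""
    return [(e["ProcessId"], r) for e in events if (r := check_svchost(e))]

if __name__ == "__main__":
    for pid, reasons in find_suspicious(SAMPLE_EVENTS):
        print(f"PID {pid}: " + "; ".join(reasons))
```

Process-creation logs do not record the suspended flag or the later memory write, so this flags the anomalous launch only and should be treated as a triage signal.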
PowerShell
It also contains a PowerShell script, hollow.ps1, which can load the program in it if you wanna do it all in memory without touching disk. Remember to change the IP.
Bypass
Also includes an AMSI bypass, which is loaded in the hollow.ps1 script. The bypass is courtesy of CRTP by Pentester Academy.
Obfuscated Version
The obfuscated version is obfuscated with Rosfuscator by Melvin Langvik.