
This PoC was built using visual studio 2019.
It gives a demo of internal thread creation of memory injected code that will not trigger a detection using Get-InjectedThread.

Build instructions

git clone -r
open .sln file using visual studio 2019
build the solution


Aquire a copy of Get-InjectedThread (
Start powershell and import Get-InjectedThread.ps1
run the built solution exe with either the argument "caught" or "evade"
run Get-InjectedThread in powershell and observe the result