Playing around with the Process Hollowing technique using Nim.
Direct syscalls for triggering Windows Native API functions with NimlineWhispers.
Shellcode encryption/decryption with AES in CTR mode.
Simple sandbox detection methods from the OSEP course by @offensive-security.
AMSI patching with @rasta-mouse’s method is also included (uncomment it if you need it).
~$ git clone --recurse-submodules https://github.com/snovvcrash/NimHollow && cd NimHoll…