Shellcode Fluctuation PoC
A PoC implementation for an another in-memory evasion technique that cyclically encrypts and decrypts shellcode’s contents to then make it fluctuate between RW and RX memory protection. When our shellcode resides in RW memory pages, scanners such as Moneta or pe-sieve will be unable to track it down and dump it for further analysis.
After releasing ThreadStackSpoofer I’ve received a few questions about the following README’s point:
Change your Beacon’s memory …