Suspended Thread Injection
Another meterpreter injection technique using C# that attempts to bypass Defender.
This code was written after reading Bypassing Windows Defender Runtime Scanning by F-Secure Labs. The technique I have written isn’t the same but it got me thinking about how I can inject meterpreter into a remote process and go under the Defender radar.
The technique is quite simple:
1. Open a remote process using OpenProcess.
2. Decrypt the meterpreter payload in memory…