A multi-layered evasion framework combining Hellβs Hall indirect syscalls, PEB-based API hashing, IAT camouflage, custom CRT removal, ntdll unhooking via KnownDlls, sandbox detection, self-deletion, and Fiber-based shellcode execution β built to understand and demonstrate how modern offensive tooling evades EDR/AV at every layer.
Combining PPID Spoofing, Module Stomping, RC4 encryption, and native NT API enumeration into a single injection framework β built from scratch to understand how modern evasion techniques work under the hood.
Manual PE backdooring from scratch: code cave injection, new section addition, XOR evasion, and Adaptix C2 beacon delivery inside a legitimate PuTTY binary.
Deep dive into the Windows PE file format and runtime process inspection via PEB walking β parsing headers, import/export tables, and the loader module list.