🦠AV
Experiment with PAGE_GUARD protection to hide memory from other processes
Dynamically resolve and invoke Windows APIs using Rust. This might help to avoid suspicious imports and the usage of GetProcAddress.
Minimal PoC developed as discussed in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
It's a Go variant of Hell's Gate! (directly calling Windows kernel functions, but from Go!)
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…
An even funnier way to disable Windows Defender. (through the WSC API)
Playing around with Thread Context Hijacking. Building more evasive primitives to use as an alternative to existing process injection techniques