- No encryption
- No VirtualAlloc
- No CreateThread (Threadless)
- Direct execution of payload on heap using assembly and returning back

NOTE: This is a PoC. Some values, such as the syscall number, are hard-coded. It can be extended further by using HellsGate or similar variations like SysWhispers.

- Steve - For his quality research posted on https://steve-s.gitbook.io/0xtriboulet/
- ChatGPT, Google and innumerable other resources
- https://defuse.ca/online-x86-assembler.htm