Voidgate – Advanced Technique To Bypass AV/EDR Memory Scanners

Voidgate is a technique that can be used to bypass AV/EDR memory scanners. It can hide well-known, widely detected shellcode (such as that generated by msfvenom) by decrypting individual encrypted assembly instructions on the fly, thus rendering memory scanners useless for that specific memory page.

How It Works:

This technique will create a PAGE_EXECUTE_READWRITE memory region where the encrypted assembly instructions …
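From the detection side, the PAGE_EXECUTE_READWRITE region described above stays visible as allocation metadata even when its contents match no signature. The following is an added example, not code from the original page or the Voidgate project: it triages memory-region records for committed, private RWX pages and uses byte entropy as a supporting signal. The record layout, the sample regions and the 7.0 threshold are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Windows memory constants from winnt.h
MEM_COMMIT, MEM_PRIVATE, MEM_IMAGE = 0x1000, 0x20000, 0x1000000
PAGE_READWRITE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE = 0x04, 0x20, 0x40

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values close to 8.0 look encrypted or compressed."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_regions(regions, entropy_threshold=7.0):
    """Return (base, severity, entropy) for committed, private RWX regions."""
    findings = []
    for r in regions:
        if r["state"] != MEM_COMMIT or r["type"] != MEM_PRIVATE:
            continue
        # The low byte holds the base protection; higher bits are modifiers
        # (PAGE_GUARD, PAGE_NOCACHE, ...) and must not hide an RWX page.
        if r["protect"] & 0xFF != PAGE_EXECUTE_READWRITE:
            continue
        h = round(shannon_entropy(r["data"]), 2)
        severity = "high" if h >= entropy_threshold else "review"
        findings.append((r["base"], severity, h))
    return findings

# Constructed sample data (assumed record layout): deterministic high-entropy
# bytes stand in for encrypted content, a repeated pattern for plain code.
ENCRYPTED_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAIN_CODE_LIKE = b"\x48\x89\xe5\xc3" * 1024
SAMPLE_REGIONS = [
    {"base": 0x7FF6A0000000, "state": MEM_COMMIT, "type": MEM_IMAGE, "protect": PAGE_EXECUTE_READ, "data": PLAIN_CODE_LIKE},
    {"base": 0x1A0000, "state": MEM_COMMIT, "type": MEM_PRIVATE, "protect": PAGE_READWRITE, "data": ENCRYPTED_LIKE},
    {"base": 0x1F0000, "state": MEM_COMMIT, "type": MEM_PRIVATE, "protect": PAGE_EXECUTE_READWRITE, "data": PLAIN_CODE_LIKE},
    {"base": 0x2A0000, "state": MEM_COMMIT, "type": MEM_PRIVATE, "protect": PAGE_EXECUTE_READWRITE, "data": ENCRYPTED_LIKE},
]

if __name__ == "__main__":
    for base, severity, h in triage_regions(SAMPLE_REGIONS):
        print(f"{base:#x} severity={severity} entropy={h}")
```

Private RWX allocations also occur in legitimate JIT engines, so a "review" result needs process context before it is escalated.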