Executing DLLs from memory.
Injecting DLLs into remote processes.
Writing stagers to interact with foreign C2 frameworks.
Maintaining access to a target system.
Using password filters to intercept logon credentials.
Logging keystrokes with SetWindowsHookEx.
Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.
Supplying arbitrary PPID values to CreateProcess.
Encoding shellcode for use within malware.
Hiding IAT entries to evade detection.
Using Nim to write some simple tools.
Writing a process injection tool using direct system calls.
Creating a ClickOnce installer for phishing campaigns.
Process Injection using NtCreateSection and NtMapViewOfSection.
Assuming other users' identities by copying access tokens.
Using fibers instead of threads to run shellcode.
Modifying the Process Environment Block for process argument spoofing.
Evading Windows Defender memory scanning.