Using fibers instead of threads to run shellcode.
Modifying the Process Environment Block for process argument spoofing.
Evading Windows Defender memory scanning.
CreateRemoteThread Process Injection in C#
Bypassing ETW userland hooks.
Bypassing AMSI when using Assembly.Load.
Using the Domain Name System as a Command & Control mechanism.
Tunneling C2 messages in ICMP traffic.