Evasion Capabilities | x64 Support | x86 Support | x86 on Wow64 Support |
---|---|---|---|
Stack Frame Chaining | Yes | No | No |
Indirect System Calls | Yes | Yes | Yes |
Hide Shellcode Sections in Memory | Yes | Yes | Yes |
Multiple Sleeping Masking Techniques | Yes | No | No |
Unhook EDR Userland Hooks and Dlls | Yes | No | No |
Unhook DLL Load Notifications | Yes | No | No |
LoadLibrary Proxy for ETW Evasion | Yes | No | No |
Thread Stack Encryption | Yes | Yes | Yes |
Badger Heap Encryption | Yes | Yes | Yes |
Masquerade Thread Stack Frame | Yes | Yes | Yes |
Hardware Breakpoint for AMSI/ETW Evasion | Yes | Yes | Yes |
Reuse Virtual Memory For ETW Evasion | Yes | Yes | Yes |
Reuse Existing Libraries from PEB | Yes | Yes | Yes |
Secure Free Badger Heap for Volatility Evasion | Yes | Yes | Yes |
Advanced Module Stomping with PEB Hooking | Yes | Yes | Yes |
In-Memory PE and RDLL Execution | Yes | Yes | Yes |
In-Memory BOF Execution | Yes | Yes | Yes |
In-Memory Dotnet Execution | Yes | Yes | Yes |
Network Malleability | Yes | Yes | Yes |
Built-In Anti-Debug Features | Yes | Yes | Yes |
Module stomping for BOF/Memexec | Yes | Yes | Yes |
Dark Vortex provides various trainings related to information security. For a standard list of training programs, visit Dark Vortex or feel free to reach us at [email protected]