EDR Evasion Part II: Your very own Scarecrow
In the second part of this series, we take Scarecrow and make it our own by changing how payloads are stored and executed. By the end of this experiment we can get a better understanding of the iterative testing approach that can keep our payloads alive....
EDR Evasion Part I: Understanding Scarecrow
Scarecrow is an open-source Go loader designed to take raw shellcode and execute it while utilizing ETW/AMSI patching, EDR unhooking and direct syscalls. In this first post of a series, we look at its features and dig in to understand how it works....