In the second part of this series, we take Scarecrow and make it our own by changing how payloads are stored and executed. By the end of this experiment we can get a better understanding of the iterative testing approach that can keep our payloads alive....

Scarecrow is an open-source Go loader designed to take raw shellcode and execute it while utilizing ETW/AMSI patching, EDR unhooking and direct syscalls. In this first post of a series, we look at its feature and dig in, to understand how it works....