research poc
Evading Windows Defender with MiniDumpWriteDump, Donut, and Process InjectionMiniDumpWriteDump-Donut-Injection
A researcher demonstrates a technique to evade Windows Defender detection when dumping LSASS credentials. The method combines MiniDumpWriteDump with XOR encryption, Donut shellcode generation with AMSI bypass, and process injection into notepad.exe. Windows Defender failed to detect the final payload or its activity.