research poc
Windows API Memory Injection Technique Bypasses EDR and AVEDR-Antivirus-Bypass-to-Gain-Shell-Access
A proof-of-concept tool demonstrates using Windows API calls VirtualAlloc, CreateThread, and WaitForSingleObject to inject shellcode into process memory, evading file-based detection. The technique achieves a reverse shell without writing to disk, highlighting the need for memory-based and behavioral defenses.