research poc
New PoC Shellcode Loader Bypasses ETW and Uses Direct SyscallsBypassETWDirectSyscallShellcodeLoader
A proof-of-concept Windows shellcode loader named BypassETWDirectSyscallShellcodeLoader was published on GitHub. It demonstrates ETW bypass by patching EtwEventWrite, anti-debugging/sandbox checks, dynamic API resolution, and process injection via direct syscalls. The tool is intended for security research and penetration testing.