research poc
In-Memory PE Loader Demonstrates EDR Bypass via Dynamic ExecutionIn-Memory PE Loader
A proof-of-concept demonstrates an in-memory PE loader that downloads and executes a portable executable (e.g., putty.exe, EDRSilencer, Mimikatz) within an already-approved process, avoiding disk writes and evading detection by EDR solutions like Microsoft Defender XDR and Sophos XDR. The technique leverages dynamic execution to load malicious tools into a trusted process context, reducing EDR alerts.