Assembler remote code linker immunity canvas in-memory library injection library loaded into memory without any disk activity metasploits meterpreter

Anti-forensics

• Syscall proxying - it transparently „proxies” a process’ system calls to a remote server:

– DEMO

Klip wideo

– DEMO

Klip wideo
• In memory worms/rootkits