Malware Development & Evasion Research

Phase 1: Advanced Evasion & Payload Engineering. I leverage **Indirect Syscalls** and **Hell's Gate** techniques to bypass user-land API hooks implanted by EDRs. My payloads utilize **Reflective DLL Injection** and **Process Hollowing** to execute entirely in memory, leaving no disk artifacts. I implement custom compile-time obfuscation (LLVM) and polymorphic engines to randomize the signature for every campaign, ensuring that static analysis engines (AV signatures) remain blind.

Phase 2: Operational Security & C2 Communications. To defeat automated sandboxing, I integrate environment-keyed execution guards and sophisticated anti-debugging triggers. Communication occurs via malleable C2 profiles using **Domain Fronting** and encrypted jitter channels to blend with legitimate business traffic (e.g., MS Teams, Microsoft Update). Persistence is achieved through obscure mechanism abuse (e.g., COM Hijacking, WMI Event Subscriptions) rather than standard Registry keys, minimizing forensic footprints.