Using user-mode APC functions to execute code in remote processes.
Category: Malware Dev
Offensive PowerShell
Using GetDelegateForFunctionPointer to execute Win32 APIs from memory in PowerShell.
Process Mitigation Policies & ACG
Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.