March 3, 2024 at 05:54PM

■■■■■ DarkWidow: a dropper/post-exploitation tool targeting Windows (indirect dynamic syscalls, SSN + syscall address sorting via a modified TartarusGate approach + remote process injection via APC Early Bird + spawns a sacrificial process as the target process + (ACG + BlockDll) mitigation policy on the spawned process + PPID spoofing + API resolving from the TIB + API hashing).

https://github.com/reveng007/DarkWidow

https://t.me/cKure/13588