My POC for malicious powershell scripts loader designed to bypass security controls and avoid detection using advanced evasion techniques, it developed in C and assembly language, for fun and educational purposes.

• Hell's gate and Halo gate syscaller
• Switch to Veles' Reek technique (in case all syscalls were hooked, and hell's gate and halo gate failed)
• Protecting powershell process from AV/EDRs via block any non-microsoft signed DLLs
• Bypass application control even if EDR could monitor the remote process (powershell maybe blocked by EDR)
• Detecting EDR userland hooks in the remote process, and remove them in case EDR was able to inject its hooks into powershell process
• Bypass AMSI (Anti Malware Scanner Interface)
• Hiding powershell instructions using anonymous pipes
• No RWX
• API calls and syscalls hash obfuscation
• Custom implementation for GetModuleHandle/GetProcAddress in assembly
• Blinding ETW (Event Tracing for Windows)