This is a POC for the EarlyBird injection technique, as named by Cyberbit. More details here: "Hackers Found Using A New Code Injection Technique to Evade Detection"
Usage:
- Put the shellcode of your choice in the source file (the included one will pop cmd.exe)
- Recompile
- Run: EarlyBird.exe [any x64 binary]