
DamonMohammadbagher/eBook_Bypassing-Antiviruses-by-C-Programming-v2.0


eBook Bypassing Antiviruses by C# Programming v2.0

Persian Edition

Published by Damon Mohammadbagher

ebook "Bypassing Anti Viruses by C# Programming v2.0 (Persian Edition)"

The book's audience is red team, blue team and penetration testing people.

Those who want to buy the book can do so via

LinkedIn : https://lnkd.in/g7X6HfY5

or email : Damonmohammadbagher@outlook.com

Send your request from your own email address in order to receive the steps for purchasing the book.

Book purchase price: 3,500,000 Toman

The book is like a training course and almost everything in it is new; there are more than 30 C# codes in the book.

More than 30 C# codes/techniques in the book.

video chapter 3 of ebook => https://www.youtube.com/watch?v=j1rc5G99vwA

video chapter 3.4 of ebook => https://www.youtube.com/watch?v=Jdna6sxsTuM

video chapter 4.2 of ebook => https://www.youtube.com/watch?v=61czPWFhR6o

video chapter 4.2 of ebook (Part-2) => https://www.youtube.com/watch?v=w-3BizF9HYM

video chapter 9.2 of ebook => https://www.youtube.com/watch?v=BqErFhZqxpA

video chapter 10 of ebook => https://www.youtube.com/watch?v=26ZBx5fw25s

video 2 chapter 10 of ebook [detecting EKKO technique by blue team C# codes] link1 => https://www.youtube.com/watch?v=TMQJ7jMbgQk

video 2 chapter 10 of ebook [detecting EKKO technique by blue team C# codes] link2 => https://www.aparat.com/v/GtMIi

Table of Contents

Chapter 1 - Encryption & Decryption for Payloads
  1.1 Simple Method for Executing Native Code in Memory via API Programming - CreateThread/WriteProcessMemory/VirtualAlloc etc.
  1.2 Encryption and Decryption for Payloads via RC4 - RC4 encryption by C# & Metasploit payloads.
  1.3 Encryption and Decryption for Payload of Suspended Thread via XOR - XOR encryption by C# & VirtualAllocExNuma, VirtualAlloc2 and in-memory decryption for threads + Metasploit payloads.

Chapter 2 - Executing Native Codes in Local Process
  2.1 Local Thread Injection Classic Method and Indirect/Direct Technique D - Marshal methods in C# such as Marshal.GetDelegateForFunctionPointer and invoking C# codes in-memory via a new method called "Technique D"; bypassing Kaspersky with the latest updates & Windows Defender.
  2.2 QueueUserAPC API Methods and Indirect/Direct Technique D - Some Windows APIs such as QueueUserAPC + Technique D.
  2.3 QueueUserAPC Classic Method - Classic QueueUserAPC in a remote process & the Windows API Monitor tool + NtQueueApcThread.

Chapter 3 - Executing Native Codes in Local Process (Part 2)
  3.1 Simple Method for Executing Native Code in Memory + JMP Method 1 - Jump opcode 0xE9 + jumping between payload sections in memory and bypassing Windows Defender.
  3.2 Simple Method for Executing Native Code in Memory + Delegate Method + JMP Method 1 - Jump opcode 0xE9 + jumping between payload sections in memory + using C# delegate tricks instead of the CreateThread API + memory protection modes and bypassing Windows Defender.
  3.3 Simple Method for Executing Native Code in Memory + Delegate Method + JMP Method 1 [Part 2] - Jump opcode 0xE9 + jumping between payload sections in memory + using C# delegate tricks instead of the CreateThread API + Marshal.WriteByte and bypassing Windows Defender.
  3.4 Indirect Call of C# Methods in Memory via Reflection.Emit Jump Method - A new method to indirectly call C# codes via the Reflection.Emit class + a new jump method via Emit & OpCodes.Jmp + bypassing Windows Defender.
  3.5 Running C# Managed Codes in Memory via CreateThread API - Calling a C# method via the CreateThread API directly, without calling C# methods in code + bypassing Windows Defender.

Chapter 4 - Executing Native Codes in Local Process (Part 3)
  4.1 New Approach with New APIs to Execute Payloads in Memory + Async Method and Bypassing Kaspersky - Using new APIs instead of old APIs with a simple async C# method and bypassing Kaspersky.
  4.2 Indirect Invoke of C# Delegate + JMP Method 2 - New jump method + indirect invoke of a C# delegate and bypassing Kaspersky.
  4.3 Chunking CobaltStrike Payloads + Jump Method and Bypassing Kaspersky - Chunking payload method in memory and bypassing Kaspersky.

Chapter 5 - Executing Native Code in Remote Process
  5.1 Remote Thread Injection (Classic) - Old remote injection method (classic method).
  5.2 Remote Thread Injection + Delegate Method and Bypassing Defender - Remote injection + C# delegate method and bypassing Windows Defender without importing the CreateRemoteThread or VirtualAllocEx APIs etc.
  5.3 Remote Thread Injection + Jump Method and Bypassing Kaspersky + Defender - New method for remote injection + jump method, importing the CreateRemoteThread API and bypassing AVs such as Kaspersky + Windows Defender.

Chapter 6 - [X Technique] via Extension Methods in C#
  6.1 X Technique, Changing Codes via Extension Method - New method for changing source code without changing the result of the code, using C# extensions.

Chapter 7 - Sliver C2 and Your C# Codes
  7.1 When Sliver C2 Payloads Are Good to Use, and When They Are Not - The new C2 server Sliver-C2 and two examples for C#.
  7.2 Sliver-C2 Beacon with mTLS Payloads - Using beacon mode via Sliver-C2 payloads and mTLS traffic + C#.
  7.3 Sliver-C2 Beacon with HTTPS Payloads - Using beacon mode via Sliver-C2 payloads and HTTPS traffic + C#.
  7.4 Using Resources for Hardcoding Big Sliver-C2 Payloads - Hardcoding payloads in C# via resources.
  7.5 C# Code for Encrypting Sliver-C2 Bin Files - XOR method for encrypting C2 payload files.
  7.6 Beacon Connections and Active Connections in Sliver-C2 - Beacon mode connections and interactive connections.
  7.7 Bypassing ETW and Executing .NET Assembly Codes - Bypassing ETW/AMSI and executing .NET codes inside the target process.

Chapter 8 - Native Callback Functions by C#
  8.1 Native Callback Functions by C# - Windows callback functions in C# and async calls of C# methods via callback functions.

Chapter 9 - Compiling and Running Managed Codes In-Memory by C#
  9.1 Running C# Managed Codes In-Memory by C# - Running C# assemblies/exe inside another managed process by C#.
  9.2 Running C# Managed Codes In-Memory by C#, Part 2 - Running C# assemblies/exe inside another managed process + encrypting exe files over HTTP traffic.
  9.3 Compiling C# Source Codes In-Memory by C# - Compiling/running C# source codes inside another managed process.

Chapter 10 - Detecting Memory Allocation In-Memory via ETW Events (Blue Team)
  10.1 ETW and VirtualMemAlloc Events - Payload detection via ETW VirtualMemAlloc events, using the ETWProcessMon.cs + VirtualMemAllocMon.cs codes.
  10.2 ETW and VirtualMemAlloc Events, Part 2 - Payload detection via ETW VirtualMemAlloc events, using the ETWProcessMon.cs + VirtualMemAllocMon.cs codes.
  10.3 ETW and VirtualMemAlloc Events, Part 3 - Payload detection via ETW VirtualMemAlloc events, step by step using the VirtualMemAllocMon.cs codes.

Chapter 11 - Detecting Threats In-Memory via Other ETW Events (Blue Team)
  11.1 ETW ImageLoads and TCPIP Events for Detecting Threats In-Memory - Using ETW DLL load (ImageLoads) events + TCPIP send events to detect threats.
  11.2 Detecting Remote Thread Injection and Monitoring Windows Event Log by C# - Remote thread injection detection in memory + creating Windows event logs and monitoring them.
