Evading Defender - Asynchronous Procedure Call (APC) Injection via alertable state

136 views
Nov 26, 2025
14:57

New to Maldev? Start with our Maldev 101 foundational series before diving in: https://www.rbtsec.com/blog/category/maldev/

Join the Discord community to discuss and learn more: https://discord.gg/UnHBp9FuGK

APC Injection via alertable state

In this video, we explain how Asynchronous Procedure Call (APC) injection works and why it often appears in security research. We also highlight related Mythic capabilities, such as AMSI and ETW bypass concepts, default process swapping (e.g., MSBuild.exe as LOLBins), and user-focused system enumeration (Seatbelt) to provide context on how defenders and researchers study post-exploitation techniques.

If you'd like to learn more or discuss the research side of these topics, join our community on Discord!

Follow Us:
Discord: https://discord.gg/UnHBp9FuGK
LinkedIn: https://www.linkedin.com/company/rbtsecurity/
Twitter: https://twitter.com/RBTSecurity
Facebook: https://www.facebook.com/RBTSecur1ty/
GitHub: https://github.com/rbtsecurity/

Contact Us: For business inquiries and collaborations, please email us at [email protected]

Educational Disclaimer: All content is intended for educational purposes only, to promote ethical hacking and security research.

#CyberSecurity #MalwareAnalysis #APCInjection #WindowsInternals #ReverseEngineering #RedTeam #InfoSec #SecurityResearch #TechEducation #HackingExplained #RBTSecurity
