Tuesday, January 16, 2018

Bypassing Antivirus using Amber (Reflective PE Packer)

Amber is a proof-of-concept tool for bypassing antivirus software. It converts Portable Executables (PEs) into a form that loads them reflectively, so the original PE never has to be written to disk; the result can serve as a multi-stage payload during an infection of a target system. Amber relies on in-memory execution: in-memory, fileless execution means running a compiled PE entirely from memory without writing it to storage. This leaves a smaller footprint, since the malware drops no file on the hard drive, and it makes detection by antivirus or anti-malware solutions more difficult...

Wapack Labs has catalogued and reported on anti-detection tools in the past. An archive of the related reporting is available in the Red Sky Alliance portal.

WWW.WAPACKLABS.COM