From kalilinuxtutorials.com
NimHollow is a Nim Implementation Of Process Hollowing Using Syscalls (PoC). Playing around with the Process Hollowing technique using Nim.
Features
Direct syscalls for triggering Windows Native API functions with NimlineWhispers or NimlineWhispers2.
Shellcode encryption/decryption with AES in CTR mode.
Simple sandbox detection methods from the OSEP course by @offensive-security.