shellcode_runner_copy_in_chunk
C# loader that copies the shellcode into memory one chunk at a time, rather than all at once
Uses P/Invoke to copy an encoded shellcode into memory 100 bytes (one chunk) at a time, rather than all at once
ProgramPatchAmsiEtw also patches AmsiScanBuffer and EtwEventWrite
Yes the code is shit, but meh so what - not like I have the whole day to write good pocs
Tested with a Meterpreter staged reverse HTTPS payload (encode_shellcode.cs, or the py version, is the code I used to encode the raw one)
ProgramPatchAmsiEtw.cs against SentinelOne (used the Babel .NET obfuscator - free version - twice on the resulting exe)


Program.cs against Defender

