Early Cascade Injection PoC

This is just a simple PoC implementation of the early cascade injection technique documented by the Outflank blog post.

All credits go to the people who found and documented the technique. I merely wrote the code now because I was bored. Cheers.

The g_ShimsEnabled and g_pfnSE_DllLoaded offsets/pointers are hardcoded because I couldn't be bothered to write code to dynamically find them. This code was tested on Microsoft Windows [Version 10.0.22631.4317]

Reference / Credit:

• https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection/
• https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html