CallBack

Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoID (64 bit)

Uses the 15 sec. delay I discovered in 2020 https://github.com/mobdk/Epsilon this bypass Windows Defender.

Compile: csc.exe /platform:x64 /target:exe /unsafe CallBack.cs

Insert Mimikatz shellcode with hex editor, copy the content of Mimikatz-64bit.txt where the string "A begins, remember to overwrite.

CallBack.exe is compiled version with embedded Mimikatz.

Video PoC: https://www.youtube.com/watch?v=8ym7ZRzkVK8