Encrypting your payload and decrypting it upon execution is one of the simplest and most well-documented strategies for avoiding static analysis. Static file signatures are rendered worthless because the encrypted bytes change each time a new payload is created. Multiple open source projects (Veil, Hyperion, PE-Crypter, and so on) illustrate this, but we also wanted to test memory injection techniques, so we created a bespoke crypter to include them in the same payload.
Our payload and the malicious payload would be decrypted, loaded, and executed by the crypter via a “stub.” By passing these through our crypter, we’ll be able to combine them into a final payload that we can send to our target.
It also seems that AV/EDR products love detecting remote process injection, so injecting into yourself and using PPID spoofing, heap encryption, and in-memory encryption (VEH single-stepping or alternating memory permissions) would most likely avoid Windows Defender. It's also worth mentioning that Windows Defender is not the only thing to think about: ETW and the KeDispatchTable are both of interest too, and even Token Stomping might benefit you here.
You really need to understand what is being caught and how, because if you don't, the possibilities are almost endless. You can try to apply all the different types of evasion techniques, but in reality you only need the couple that evade what is actually being detected. The catch is that you have to find it.
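From the detection side, the point above about static file signatures can be shown as follows (an added example, not code from the original page; the window size, threshold and both sample buffers are constructed assumptions). Two builds that differ only in their key no longer share a file hash, yet a per-window Shannon entropy scan flags the same opaque region in both.

```python
import hashlib
import math
from collections import Counter

WINDOW = 1024      # bytes scored per window (assumed value)
THRESHOLD = 7.2    # bits per byte; assumed cut-off, tune against your own baseline


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy_ranges(blob: bytes, window: int = WINDOW, threshold: float = THRESHOLD):
    """Return merged (start, end) byte ranges whose windows reach the threshold."""
    ranges = []
    for off in range(0, len(blob), window):
        chunk = blob[off:off + window]
        if len(chunk) < window // 2:      # too short to score reliably
            continue
        if shannon_entropy(chunk) >= threshold:
            end = off + len(chunk)
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], end)   # extend the adjacent range
            else:
                ranges.append((off, end))
    return ranges


def _opaque_bytes(seed: bytes, n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 output in counter mode."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def build_sample(seed: bytes) -> bytes:
    """Constructed sample: 4 KiB of low-entropy text followed by an 8 KiB opaque blob."""
    stub = (b"This program cannot be run in DOS mode. " * 103)[:4096]
    return stub + _opaque_bytes(seed, 8192)


SAMPLE_A = build_sample(b"build-1")   # constructed: same layout, different key material
SAMPLE_B = build_sample(b"build-2")

if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, hashlib.sha256(sample).hexdigest()[:16], high_entropy_ranges(sample))
```

High entropy also matches legitimately compressed data, so treat a hit as a triage signal to combine with other indicators rather than a verdict.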