From 7d555e2e3137a361c8e67fbd758cfdefa9d53036 Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Thu, 30 Sep 2021 16:16:39 +0700
Subject: [PATCH] Add: mgeeky/ThreadStackSpoofer to Defense Evasion section

---
 Offensive.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Offensive.md b/Offensive.md
index 55d41fb..ff9daa9 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -1335,6 +1335,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/mgeeky/Stracciatella">mgeeky/Stracciatella</a></td>
         <td>OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/mgeeky/ThreadStackSpoofer">mgeeky/ThreadStackSpoofer</a></td>
+        <td>Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/MinervaLabsResearch/CoffeeShot">MinervaLabsResearch/CoffeeShot</a></td>
         <td>CoffeeShot: Avoid Detection with Memory Injection</td>