From 765477b266ea041f58cb2a8aca9278e2b43ad752 Mon Sep 17 00:00:00 2001 From: CPunch Date: Tue, 12 Jul 2022 16:49:36 -0500 Subject: [PATCH] Created Obfuscation methods (markdown) --- Obfuscation-methods.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 Obfuscation-methods.md diff --git a/Obfuscation-methods.md b/Obfuscation-methods.md new file mode 100644 index 0000000..1fe6703 --- /dev/null +++ b/Obfuscation-methods.md @@ -0,0 +1,9 @@ +Laika uses several fairly common obfuscation techniques. + +## VM boxes, string obfuscations + +Laika has a tiny VM embedded in the library (`/lib`). This mostly handles things like deobfuscating strings during runtime. For more information regarding this, please read [this post on my blog](https://openpunk.com/pages/obfuscation-in-c/) which goes into detail on how it works. + +## Importing WinAPI during runtime (windows only) + +This method is extremely common and most AVs have smartened up to it. Basically instead of having WinAPI in our IAT (Import Address Table) of the executable, we load the commonly flagged functions (things like CreatePseudoConsole, ShellExecuteA, etc.) during runtime. For detail on adding another API to be loaded during runtime, please refer to the [contributing guide](https://github.com/CPunch/Laika/blob/main/CONTRIBUTING.md#bot-windows-api-imports-obfuscation). \ No newline at end of file
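Review bot: the `## VM boxes, string obfuscations` heading names two techniques but the paragraph under it only explains runtime string deobfuscation; either say what a "VM box" is on this page (not only via the blog link) or drop it from the heading. In the same hunk, `(`/lib`)` reads as an absolute filesystem path where a repository-relative `lib/` is presumably meant, and the `## Importing WinAPI during runtime (windows only)` section states that most AVs have smartened up to this method but never says what Laika still gains from it or what the trade-off is (the runtime loading itself being what AVs now look for), so one sentence on why it is kept would help readers; "windows" should also be capitalised as "Windows". Finally the file ends with `\ No newline at end of file`; add the trailing newline.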