Found 3 repositories (showing 3)
boku7
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, injects shellcode, hijacks the main thread with APC, and executes shellcode
Malforge-Maldev-Public-Organization
EarlyBird APC Injection is a stealthy process injection technique that queues malicious shellcode into a suspended thread of a newly created process. Once the thread is resumed, the payload executes, making detection and analysis more difficult.
ljlVink
Use Windows' APC injection to execute shellcode via the NtTestAlert function.