Donut WLDP and AMSI patching enabled

[CodeXTF2]

Describe the bug
When generating shellcode in Sliver, Donut has the AMSI and WLDP options enabled, which can add detections.

To Reproduce
Steps to reproduce the behavior:

1. Start Sliver
2. generate --http {any ip here} --os windows --format shellcode

Expected behavior
Elastic flags the beacon for patching AMSI and WLDP even though -e (which would normally enable AMSI patching) is disabled.

OS Windows (implant)

[rkervella]

The --evasion flag has no impact on this. Right now, most of the Donut loader options are hardcoded:

sliver/server/generate/donut.go

Line 50 in 7676fc6

Bypass: 3, // 1=skip, 2=abort on fail, 3=continue on fail.

I should probably update that so it can be user controlled.

[CodeXTF2]

yeah im aware. I just referenced the --evasion flag in terms of intended behaviour. For now manually using donut with -b1 on sliver binaries works fine