This conference talk introduces Kong Loader 🍌, a revolutionary concept for loading shellcode that prevents malware detection in memory. Learn how this innovative technique works by decrypting only one assembly instruction at a time, executing it, and then re-encrypting it immediately—ensuring that only the currently executing instruction is ever visible in memory. Discover how this approach can potentially bypass EDR (Endpoint Detection and Response) systems by maintaining minimal memory visibility during execution. The presentation, delivered by Tijme Gommers at Nullcon Goa 2025, explores the technical implementation and implications of this hidden art of rolling shellcode decryption for cybersecurity professionals and researchers.