Evasion
Currently working on this one! It's a lot of fun to make calc.exe run. Most of this information can be found online, I'm not doing anything special because I'm not that good. Defender is still turned off...
I have a rough plan of what to write, but I'll add on as I learn:
Fundamentals
Architecture (ntdll.dll, processes, threads, memory)
WinAPI (Variables, DLLs, file headers)
Detection
Types of detection
How EDR works (in-depth)
Bypassing AVs using combinations of techniques
Payloads
Encrypting shellcode
Where to put shellcode
Staged and Non-staged payloads (show HTTP callback)
Evasion
Process Injection
DLL Injection
API Hashing
PPID Spoofing
Module Stomping
Etc....too many techniques
I'll likely create a GitHub repository with all the code I created too. Again, these are just my notes, and it's all public information anyway.