Evasion

Currently working on this one! It's a lot of fun to make calc.exe run. Most of this information can be found online, I'm not doing anything special because I'm not that good. Defender is still turned off...

I have a rough plan of what to write, but I'll add on as I learn:

  • Fundamentals

    • Architecture (ntdll.dll, processes, threads, memory)

    • WinAPI (Variables, DLLs, file headers)

  • Detection

    • Types of detection

    • How EDR works (in-depth)

    • Bypassing AVs using combinations of techniques

  • Payloads

    • Encrypting shellcode

    • Where to put shellcode

    • Staged and Non-staged payloads (show HTTP callback)

  • Evasion

    • Process Injection

    • DLL Injection

    • API Hashing

    • PPID Spoofing

    • Module Stomping

    • Etc....too many techniques

I'll likely create a GitHub repository with all the code I created too. Again, these are just my notes, and it's all public information anyway.
