RED TEAM Operator: Windows Evasion Course
Learn how to avoid modern endpoint protection technology with well known, less known and in-house developed techniques.
Intro and Setup
4 Lessons
Course Introduction
Development VM Setup
RTO-WinEva.ova
WEv.zip
Essentials
5 Lessons
Modern Detection Tech
Evasion Development Rules
Binary Entropy
Module Details
Binary Signature
Non-privileged user vector
15 Lessons
Introduction To Process Unhooking
Hooks vs Code Injection
Process Unhooking - "Classic"
Hooks vs Hell's Gate
Hooks vs Halo's Gate
Process Unhooking - Perun's Fart
Silencing Process Event Tracing
Module Stomping
No-New-Thread Payload Execution
"Classic" PPID Spoofing
Changing Parents - Scheduler
Changing Parents - Emotet Method
Cmdline Arguments Spoofing
Assignment #1 - Hooks
Assignment #2 - Module Stomping
High-privileged user vector
10 Lessons
Blinding Eventlog
Blocking EPP Comms - Listing Connections
Blocking EPP Comms - Firewall
Blocking EPP Comms - Routing Table (P1)
Blocking EPP Comms - Routing Table (P2)
Dancing with Sysmon - Detection
Dancing with Sysmon - Kill'em!
Dancing with Sysmon - Silent Gag
Assignment #3 - Sysmon
Assignment #4 - Sysmon
Summary
2 Lessons
Evasion Decision Tree
Closing Words