Host Evasions
Understand the techniques behind host-based security and bypass the most common security products in Windows operating systems.
This module provides the essential knowledge and fundamental techniques to bypass various host-based security solutions, including AV products, UAC and AppLocker, logging, runtime detection, and AMSI. You will also learn the Living-Off-the-Land technique and how to use Windows Sysinternals tools for various Red Team purposes.
Windows Internals
Learn and understand the fundamentals of how Windows operates at its core.
Introduction to Windows API
Learn how to interact with the Win32 API and understand its wide range of use cases.
Abusing Windows Internals
Leverage Windows internals components to evade common detection solutions, using modern tool-agnostic approaches.
Introduction to Antivirus
Understand how antivirus software works and what detection techniques are used to bypass malicious file checks.
AV Evasion: Shellcode
Learn shellcode encoding, packing, binders, and crypters.
Obfuscation Principles
Leverage tool-agnostic software obfuscation practices to hide malicious functions and create unique code.
Signature Evasion
Learn how to break signatures and evade common AV, using modern tool-agnostic approaches.
Bypassing UAC
Learn common ways to bypass User Account Control (UAC) in Windows hosts.
Runtime Detection Evasion
Learn how to bypass common runtime detection measures, such as AMSI, using modern tool-agnostic approaches.
Evading Logging and Monitoring
Learn how to bypass common logging and system monitoring, such as ETW, using modern tool-agnostic approaches.
Living Off the Land
Learn the essential concept of "Living Off the Land" in Red Team engagements.