Defense Evasion
AV Bypass with Metasploit Templates and Custom Binaries
Evading Windows Defender with 1 Byte Change
Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions
Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs
Windows API Hashing in Malware
Detecting Hooked Syscalls
Calling Syscalls Directly from Visual Studio to Bypass AVs/EDRs
Retrieving ntdll Syscall Stubs from Disk at Run-time
Full DLL Unhooking with C++
Enumerating RWX Protected Memory Regions for Code Injection
Disabling Windows Event Logs by Suspending EventLog Service Threads
Obfuscated Powershell Invocations
Masquerading Processes in Userland via _PEB
Commandline Obfuscation
File Smuggling with HTML and JavaScript
Timestomping
Alternate Data Streams
Hidden Files
Encode/Decode Data with Certutil
Downloading Files with Certutil
Packed Binaries
Unloading Sysmon Driver
Bypassing IDS Signatures with Simple Reverse Shells
Preventing 3rd Party DLLs from Injecting into your Malware
ProcessDynamicCodePolicy: Arbitrary Code Guard (ACG)
Parent Process ID (PPID) Spoofing
Executing C# Assemblies from Jscript and wscript with DotNetToJscript