10 days ago
(4 months ago)Sauron Wrote:
Welcome to Windows Evasion course!
In the modern enterprise Windows environment we often encounter lots of obstacles, which try to detect and stop our sneaky tools and techniques. Endpoint protection agents (AV, IDS/IPS, EDR, etc.) are getting better and better at this, so this requires an extended effort in finding a way into the system and staying undetected during post-exploitation activities.COURSE IN A NUTSHELLYou Will Learn
This course will guide you though modern detection technology and teach how you can try to avoid it. This means understanding how the technology works and developing certain capabilities to stay under the radar.
You will receive a virtual machine with complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.
- How a modern detection looks like
- How to get rid of process' internal operations monitoring
- How to make your payload look benign in memory
- How to break process parent-child relation
- How to disrupt EPP/EDR logging
- What is Sysmon and how to bypass it
What Will You Get?Requirements
- Full-blown videos explaining all techniques in detail
- Transcription with English subtitles
- Text supplements with additional information (code snipets, structure definitions, technology description and context, etc.)
- Source code with code templates for rapid development
- VM image with ready-to-use development environment
- Recommended: taking Malware Development Essentials and Malware Development Intermediate courses
- Solid experience with Windows OS
- Solid C/C++ programming knowledge
- Computer with min. 4 GB of RAM + 30 GB of free disk space
- VirtualBox 6.0+ installed
- Strong will to learn and having fun
Target Audience
- Ethical Hackers
- Penetration Testers
- Blue Teamers
- Threat Hunters
- All security engineers/professionals wanting to learn advanced offensive tactics
![[Image: Screenshot-1.png]](https://i.postimg.cc/vT4XS7fF/Screenshot-1.png)
Nice