Defense Evasion
AV Bypass with Metasploit Templates and Custom Binaries
Evading Windows Defender with 1 Byte Change
Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions
Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs
Windows API Hashing in Malware
Detecting Hooked Syscalls
Calling Syscalls Directly from Visual Studio to Bypass AVs/EDRs
Retrieving ntdll Syscall Stubs from Disk at Run-time
Full DLL Unhooking with C++
Enumerating RWX Protected Memory Regions for Code Injection
Disabling Windows Event Logs by Suspending EventLog Service Threads
T1027: Obfuscated Powershell Invocations
Masquerading Processes in Userland via _PEB
Commandline Obfuscation
File Smuggling with HTML and JavaScript
T1099: Timestomping
T1096: Alternate Data Streams
T1158: Hidden Files
T1140: Encode/Decode Data with Certutil
Downloading Files with Certutil
T1045: Packed Binaries
Unloading Sysmon Driver
Bypassing IDS Signatures with Simple Reverse Shells
Preventing 3rd Party DLLs from Injecting into your Malware
ProcessDynamicCodePolicy: Arbitrary Code Guard (ACG)
Parent Process ID (PPID) Spoofing
Executing C# Assemblies from Jscript and wscript with DotNetToJscript