Defense Evasion

AV Bypass with Metasploit Templates and Custom Binaries
Evading Windows Defender with 1 Byte Change
Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions
Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs
Windows API Hashing in Malware
Detecting Hooked Syscalls
Calling Syscalls Directly from Visual Studio to Bypass AVs/EDRs
Retrieving ntdll Syscall Stubs from Disk at Run-time
Full DLL Unhooking with C++
Enumerating RWX Protected Memory Regions for Code Injection
Disabling Windows Event Logs by Suspending EventLog Service Threads
T1027: Obfuscated Powershell Invocations
Masquerading Processes in Userland via _PEB
Commandline Obfuscation
File Smuggling with HTML and JavaScript
T1099: Timestomping
T1096: Alternate Data Streams
T1158: Hidden Files
T1140: Encode/Decode Data with Certutil
Downloading Files with Certutil
T1045: Packed Binaries
Unloading Sysmon Driver
Bypassing IDS Signatures with Simple Reverse Shells
Preventing 3rd Party DLLs from Injecting into your Malware
ProcessDynamicCodePolicy: Arbitrary Code Guard (ACG)
Parent Process ID (PPID) Spoofing
Executing C# Assemblies from Jscript and wscript with DotNetToJscript