PakistanDatabase.com

RED TEAM Operator: Windows Evasion Course

neoh

New member
Joined
Aug 10, 2023
Messages
1
Hellcoins
♆12
3bsvtb81ruy4l5aleog9kyfjxmgt

Learn how to avoid modern endpoint protection technology with well-known, less known, and in-house developed techniques.

Contents​

Intro and Setup​

Course Introduction
Development VM Setup
RTO-WinEva.ova
WEv.zip

Essentials​

Modern Detection Tech
Evasion Development Rules
Binary Entropy
Module Details
Binary Signature

Non-privileged user vector​

Introduction To Process Unhooking
Hooks vs Code Injection
Process Unhooking - "Classic"
Hooks vs Hell's Gate
Hooks vs Halo's Gate
Process Unhooking - Perun's Fart
Silencing Process Event Tracing
Module Stomping
No-New-Thread Payload Execution
"Classic" PPID Spoofing
Changing Parents - Scheduler
Changing Parents - Emotet Method
Cmdline Arguments Spoofing
Assignment #1 - Hooks
Assignment #2 - Module Stomping

High-privileged user vector​

Blinding Eventlog
Blocking EPP Comms - Listing Connections
Blocking EPP Comms - Firewall
Blocking EPP Comms - Routing Table (P1)
Blocking EPP Comms - Routing Table (P2)
Dancing with Sysmon - Detection
Dancing with Sysmon - Kill'em!
Dancing with Sysmon - Silent Gag
Assignment #3 - Sysmon
Assignment #4 - Sysmon

Summary​

Evasion Decision Tree
Closing Words

Watch Online Or Download:-​

[Hidden content]
ty
 

hackden

Member
Joined
Aug 8, 2023
Messages
77
Hellcoins
♆113
3bsvtb81ruy4l5aleog9kyfjxmgt

Learn how to avoid modern endpoint protection technology with well-known, less known, and in-house developed techniques.

Contents​

Intro and Setup​

Course Introduction
Development VM Setup
RTO-WinEva.ova
WEv.zip

Essentials​

Modern Detection Tech
Evasion Development Rules
Binary Entropy
Module Details
Binary Signature

Non-privileged user vector​

Introduction To Process Unhooking
Hooks vs Code Injection
Process Unhooking - "Classic"
Hooks vs Hell's Gate
Hooks vs Halo's Gate
Process Unhooking - Perun's Fart
Silencing Process Event Tracing
Module Stomping
No-New-Thread Payload Execution
"Classic" PPID Spoofing
Changing Parents - Scheduler
Changing Parents - Emotet Method
Cmdline Arguments Spoofing
Assignment #1 - Hooks
Assignment #2 - Module Stomping

High-privileged user vector​

Blinding Eventlog
Blocking EPP Comms - Listing Connections
Blocking EPP Comms - Firewall
Blocking EPP Comms - Routing Table (P1)
Blocking EPP Comms - Routing Table (P2)
Dancing with Sysmon - Detection
Dancing with Sysmon - Kill'em!
Dancing with Sysmon - Silent Gag
Assignment #3 - Sysmon
Assignment #4 - Sysmon

Summary​

Evasion Decision Tree
Closing Words

Watch Online Or Download:-​

[Hidden content]
really man!!
 

asdfasdfasdfa

New member
Joined
Sep 13, 2023
Messages
3
Hellcoins
♆12
3bsvtb81ruy4l5aleog9kyfjxmgt

Learn how to avoid modern endpoint protection technology with well-known, less known, and in-house developed techniques.

Contents​

Intro and Setup​

Course Introduction
Development VM Setup
RTO-WinEva.ova
WEv.zip

Essentials​

Modern Detection Tech
Evasion Development Rules
Binary Entropy
Module Details
Binary Signature

Non-privileged user vector​

Introduction To Process Unhooking
Hooks vs Code Injection
Process Unhooking - "Classic"
Hooks vs Hell's Gate
Hooks vs Halo's Gate
Process Unhooking - Perun's Fart
Silencing Process Event Tracing
Module Stomping
No-New-Thread Payload Execution
"Classic" PPID Spoofing
Changing Parents - Scheduler
Changing Parents - Emotet Method
Cmdline Arguments Spoofing
Assignment #1 - Hooks
Assignment #2 - Module Stomping

High-privileged user vector​

Blinding Eventlog
Blocking EPP Comms - Listing Connections
Blocking EPP Comms - Firewall
Blocking EPP Comms - Routing Table (P1)
Blocking EPP Comms - Routing Table (P2)
Dancing with Sysmon - Detection
Dancing with Sysmon - Kill'em!
Dancing with Sysmon - Silent Gag
Assignment #3 - Sysmon
Assignment #4 - Sysmon

Summary​

Evasion Decision Tree
Closing Words

Watch Online Or Download:-​

[Hidden content]
Wowww!!
 

popk

New member
Joined
Sep 19, 2023
Messages
1
Hellcoins
♆3
3bsvtb81ruy4l5aleog9kyfjxmgt

Learn how to avoid modern endpoint protection technology with well-known, less known, and in-house developed techniques.

Contents​

Intro and Setup​

Course Introduction
Development VM Setup
RTO-WinEva.ova
WEv.zip

Essentials​

Modern Detection Tech
Evasion Development Rules
Binary Entropy
Module Details
Binary Signature

Non-privileged user vector​

Introduction To Process Unhooking
Hooks vs Code Injection
Process Unhooking - "Classic"
Hooks vs Hell's Gate
Hooks vs Halo's Gate
Process Unhooking - Perun's Fart
Silencing Process Event Tracing
Module Stomping
No-New-Thread Payload Execution
"Classic" PPID Spoofing
Changing Parents - Scheduler
Changing Parents - Emotet Method
Cmdline Arguments Spoofing
Assignment #1 - Hooks
Assignment #2 - Module Stomping

High-privileged user vector​

Blinding Eventlog
Blocking EPP Comms - Listing Connections
Blocking EPP Comms - Firewall
Blocking EPP Comms - Routing Table (P1)
Blocking EPP Comms - Routing Table (P2)
Dancing with Sysmon - Detection
Dancing with Sysmon - Kill'em!
Dancing with Sysmon - Silent Gag
Assignment #3 - Sysmon
Assignment #4 - Sysmon

Summary​

Evasion Decision Tree
Closing Words

Watch Online Or Download:-​

[Hidden content]
thanks
 

evily

New member
Joined
Sep 20, 2023
Messages
18
Hellcoins
♆41
3bsvtb81ruy4l5aleog9kyfjxmgt

Learn how to avoid modern endpoint protection technology with well-known, less known, and in-house developed techniques.

Contents​

Intro and Setup​

Course Introduction
Development VM Setup
RTO-WinEva.ova
WEv.zip

Essentials​

Modern Detection Tech
Evasion Development Rules
Binary Entropy
Module Details
Binary Signature

Non-privileged user vector​

Introduction To Process Unhooking
Hooks vs Code Injection
Process Unhooking - "Classic"
Hooks vs Hell's Gate
Hooks vs Halo's Gate
Process Unhooking - Perun's Fart
Silencing Process Event Tracing
Module Stomping
No-New-Thread Payload Execution
"Classic" PPID Spoofing
Changing Parents - Scheduler
Changing Parents - Emotet Method
Cmdline Arguments Spoofing
Assignment #1 - Hooks
Assignment #2 - Module Stomping

High-privileged user vector​

Blinding Eventlog
Blocking EPP Comms - Listing Connections
Blocking EPP Comms - Firewall
Blocking EPP Comms - Routing Table (P1)
Blocking EPP Comms - Routing Table (P2)
Dancing with Sysmon - Detection
Dancing with Sysmon - Kill'em!
Dancing with Sysmon - Silent Gag
Assignment #3 - Sysmon
Assignment #4 - Sysmon

Summary​

Evasion Decision Tree
Closing Words

Watch Online Or Download:-​

[Hidden content]
 
Top