AV Bypass with Metasploit Templates and Custom Binaries

Evading Windows Defender with 1 Byte Change

Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions

Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs

Windows API Hashing in Malware

Detecting Hooked Syscalls

Calling Syscalls Directly from Visual Studio to Bypass AVs/EDRs

Retrieving ntdll Syscall Stubs from Disk at Run-time

Full DLL Unhooking with C++

Enumerating RWX Protected Memory Regions for Code Injection

Disabling Windows Event Logs by Suspending EventLog Service Threads

Obfuscated Powershell Invocations

Masquerading Processes in Userland via _PEB

Commandline Obfusaction

File Smuggling with HTML and JavaScript

Timestomping

Alternate Data Streams

Hidden Files

Encode/Decode Data with Certutil

Downloading Files with Certutil

Packed Binaries

Bypassing IDS Signatures with Simple Reverse Shells

Preventing 3rd Party DLLs from Injecting into your Malware

ProcessDynamicCodePolicy: Arbitrary Code Guard (ACG)

Parent Process ID (PPID) Spoofing

Executing C# Assemblies from Jscript and wscript with DotNetToJscript