Nature’s cheats

Tools like nmap are very noisy and non-stealthy and can easily get picked up by devices such as firewalls and IDS. Dropping a payload on a target host, can get picked up by the Anti Virus or EDR solution. To avoid these detections, it is important to employ techniques that will bypass these defense mechanisms.

---

Testlab

• Virtual machines
• Assemblers
• Compilers
• Disassemblers
• Debuggers
• Decompilers
• Exploit development
• Exploitation tools

---

Process injection

• Introduction
• Shellcode injection
• Process hollowing
• Thread execution hijacking
• Dynamic-link library injection
• Portable executable injection
• TrickBot

AV evasion

• Introduction
• Basic assembly shellcode
• Generate shellcode
• Staged vs stageless payloads
• Encoding and encrypting shellcode
• Packers
• Binders

Obfuscation basics

• Introduction
• Principles
• Protecting and stripping identifiable information

Signature evasion

• Introduction
• Signature identification
• Static code-based signatures
• Static property-based signatures
• Behavioural signatures
• Real world challenge

Bypassing UAC

• Introduction
• GUI based bypasses
• AutoElevating processes
• Fodhelper-curver exploit
• Bypassing Always Notify
• Automated exploitation

Runtime detection evasion

• Introduction
• Study AMSI
• PowerShell downgrade
• PowerShell reflection
• Patching AMSI
• Automating, but …

Evading logging and monitoring

• Introduction
• Study ETW
• Powershell reflection
• Patching tracing functions
• Group policy takeover
• Abusing log pipeline
• Challenge

Living off the land

• Introduction
• Windows sysinternals
• LOLBAS project
• File operations
• File execution
• Application whitelisting bypasses
• Shortcuts
• No PowerShell
• Challenge: Astaroth

Network security solutions

• Introduction
• IDS/IPS systems
• Evasion via protocol manipulation
• Evasion via payload manipulation
• Evasion via route manipulation
• Evasion via tactical DoS
• C2 and IDS/IPS evasion
• Next-Generation security

Firewalls

• Introduction
• Firewall systems
• Evasion via controlling the source MAC/IP/Port
• Evasion via forcing fragmentation, MTU, and data length
• Evasion via modifying header fields
• Evasion using port hopping
• Evasion using port tunnelling
• Evasion using non-standard ports
• Next-Generation firewalls

Sandbox evasion

• Introduction
• An adversary walks into a sandbox
• Common sandbox evasion techniques
• Implementing evasion techniques
• The Great Escape

---