
The Evasion lab (Certified Evasion Techniques Professional) is designed to equip information security professionals with the expertise needed to bypass defenses in modern enterprise environments. This course delves deep into the techniques and methodologies used to bypass endpoint countermeasures such as EDRs. You will gain a comprehensive understanding of Windows internals, including the distinction between user-mode and kernel-mode components, as well as of EDR internals and how telemetry is collected.
Throughout the course, you will learn about Windows internals, reversing EDRs, bypassing Microsoft Defender for Endpoint (MDE), Elastic EDR and Sysmon, weaponizing kernel exploits for defense evasion, bypassing security controls such as Protected Processes (PP), Protected Process Light (PPL), Digital Signature Enforcement (DSE) and Attack Surface Reduction (ASR) rules, incapacitating Event Tracing for Windows (ETW) telemetry, and much more.
Syllabus
- Windows Internals
- EDR Internals
- Static Detection Bypass
- Initial Access Techniques
- Introduction to Windows Kernel Programming
- Road to Kernel
- EDR Killing
- Attack on EDR’s Kernel Callbacks
- Attack on ETW
- PP & PPL Bypass
- Extra Offensive Rootkit Techniques
- C2 Traffic Tunneling
- Block EDR’s Traffic
- ASR Rules Bypass
- Attack on Sysmon
- UAC Bypass
- Anti-Analysis

