Description
Price: 19.00 USD | Size: 9.05 GB | Duration: 25.54 Hours | 3 Days Video training
BRAND: Expert TRAINING | ENGLISH | INSTANT DOWNLOAD



Initial Access and Evasion Tactics Training
This intermediate-level, intensive 3-day course dives deep into modern Initial Access and Evasion tactics that were effective on numerous engagements delivered in tightly monitored environments. The author will share his insights into the strategies that let his malware accomplish engagement objectives side by side with aggressively configured AVs & EDRs.
Designing modern Red Team malware carriers smuggled in scripts, executables, and HTML websites is only one of the areas the course focuses on. We will explore numerous technical concepts and file formats, and craft advanced malicious Office documents, shellcode loaders, smuggling payloads, and other infected scripts that will help us reach target systems effectively.
By applying modern AV & EDR evasion techniques to custom-crafted Red Team weaponry, capable teams will be equipped with the knowledge to succeed during adversary simulations even in the rapidly changing threat landscape.
This course focuses on that – telling effective techniques apart from ones that no longer work.
Course Content
Day 1 – Classic Initial Access
- Hello Mythic C2
- Introduction
- Modern Cyberdefence Stack
- Initial Access and Evasion Tactics
- Classic file infection vectors
- Windows Script Host files: VBS/VBE, JS/JSE, HTA, WSF
- AutoIt3
- COM Scriptlets
- Executables
- Maldocs
- CHMs
- LNKs, Polyglot LNKs
- MSI Shenanigans
- MSI weaponization strategies
- Backdooring MSIs
Day 2 – New Hope
- The Beauty of HTML Smuggling
- Hosting Thy Payloads
- Code Signed Threats
- Fantastic Code Certs And Where To Find Them
- MSIX + APPX
- .NET Tactics
- Local & Remote AppDomain Manager Injections
- Resolving WinAPIs in C# World
- ClickOnce Deployments
- Containerized Malware
- Complex Infection Chains ❤️
- Containers, Triggers, Payloads & Decoys
- Search-MS + WebDAV = 🔥
- Successful Tactics
Day 3 – Executables & Shellcode Loaders
- Protectors, Obfuscators
- Backdooring EXEs & DLLs
- Implant Watermarking
- Meet Shellcode Loader
- Hiding shellcodes in PE sections, overlay, resources, certificate area
- Code Signing & Leaked certificates: MSI, NVIDIA & 5 others
- Basic Evasions
- Strings obfuscation
- Entropy, File Bloating, Pumping
- Time-Delayed Execution, Beating Emulators
- Fooling ImpHash
- AMSI, ETW – get off my lawn
- Attacking EDR’s design
- Calling WinAPI Safely
- EDR on the Hook
- Direct Syscalls
- Indirect Syscalls
- Asynchronous execution: FOLIAGE-style
- Call Stack Obfuscation
- Problem Analysis
- Return Address overwrite
- Spoofing
- Other exotic evasions
- Evading Kernel Module Load callbacks
- Queuing LoadLibrary
- Outro
Appendix – Maldocs
- A guide through VBA infection strategies
- Various means to execute implants in VBA – .NET Reflection, XSL Deserialization, and more
- “Lures” – how to entice the user into enabling macros
- Hiding Payloads in Office structures
- Alternative Macro autorun techniques
- Exotic VBA carriers
- Publisher, RTF files
- Outlook’s VbaProject.OTM
- MS Access, Visio, Project
- Evasion Tactics
- Sandbox Evasion
- Office Trusted Paths + AMSI
- Code obfuscation
- File Encryption
Target Audience