Intro to AV/EDR Evasion

Overview

Embark on your journey into the dynamic world of cybersecurity with our introductory course, tailored for aspiring red team members and advanced penetration testers. Designed for those new to Antivirus (AV) and Endpoint Detection and Response (EDR) evasion, this course provides a solid foundation in evasion and bypass techniques. Join us to lay the groundwork for your journey into AV and EDR evasion and acquire the foundational skills needed to navigate and understand these critical aspects of modern cybersecurity.
Intro to AV/EDR Evasion Overview
In this episode, your hosts, Daniel and Mike, will explain what this course is about, who the intended audience is, and summarize the learning material covered in the course.
0h 3m
Hey there, greetings everyone, and welcome to the overview episode for our AV/EDR Evasion Series. I will be your host for this journey. I am one Mr. Daniel Lowry. I've been working in cybersecurity for probably the last seven years or so, and I've had a career in IT for over 20 now. I know the gray, it does show itself. Our SME for this particular soiree is going to be a one Mr. Mike Saunders. Mike, thank you so much for joining us. Tell us a little bit about yourself.

Yeah, thanks for having me, Daniel. So I'm Mike Saunders, principal consultant at Red Siege. We're an information security and penetration testing company, red teaming, that kind of stuff. Got into IT as a job back in 1998 and been doing the security thing full time for about 16 years now. So been around for a little bit.

Yeah, you've done a thing or two. One or two. You've seen a thing or two. I've seen some things. Absolutely true. So that's very cool, and that's why we've got you here: because we know you've got the skills and the knowledge and the experience that it takes for us to be able to learn from you, because we want to take some of that knowledge that's in your head and get it into ours. Now that said, we know that this probably isn't a beginner course. This is not for those that are like, "Hey, you know, I want to learn a thing about computers," you call them. That's not where we're at. If you would, do us a good favor and kind of tell us about the learner, the audience for this series. What's that going to look like?

Yeah. So in this course, we're going to talk about what shellcode is and how you use it to execute code on systems. So you're going to need to have some understanding, really, of programming in C and C++ a little bit, some C#. However, this isn't a deep dive into Windows APIs. So some familiarity with writing some code would be a good starting point for you. We're going to write a shellcode loader. We're going to talk about ways that you can hide your shellcode on systems so that it doesn't get detected. And we're going to talk about some of the common things that get you caught when you're testing on a system. So how to avoid that, what the tripwires are, where they are, and how you can avoid those.

That's excellent, because I don't know about you, but I get excited about these kinds of things. Hopefully that's why you're here to watch this stuff, because you get excited about that stuff. And yes, is it highly technical? Of course, but the skills that Mike's going to give us are going to set us head and shoulders above and make us a little bit better at what we can do and what we want to do in the future. So I'm really looking forward to and excited about this. Anything specifically that you are excited about getting your teeth into?

Yeah, absolutely. So I'm really looking forward to just talking about some of the fun obfuscation techniques that we have for ways that you can hide your shellcode so that it doesn't get detected. Looking at how you can get that code execution and change up those signatures, and at the end putting it all together so we can write an actual shellcode loader. You'll actually be able to write a loader for your malware at the end of the course.

Well, you're saying all the things I like to hear, Mike. Any post-exploitation stuff that we're going to be doing, or is this all about the initial access?

This is all going to be about initial access. So what you're going to be learning about is that code that you write that gets you that initial code execution on a system and how you avoid the detection there. So nothing, none of those post-exploitation toolkits will be there, but how you would get to the point that you could load those.

One step at a time, ladies and gentlemen, one step at a time. That's what we're here to do. Well, hopefully... I know I'm excited. I can see Mike is about to fall out of his chair. He's that kind of guy. He just loses his mind, right? And hopefully you're excited about it. We got a really great series for you. So we look forward to seeing you in the upcoming episodes.

Learning Style

On Demand

Length of course

4h 58m
22 Episodes

Here are the topics we'll cover

  • Course Overview
  • Intro to AV/EDR Evasion
Learning Options

Options for this course

Train your team
Stay ahead of the curve and future-proof your business with training programs designed for you.
Channel & Reseller
Transform your experience and integrate with our unique evolving library of Audit, Cybersecurity, and Information Technology courses.
Individual learners
Learn at your own pace and get your certification training.