2 Defense Evasion

The main idea of this chapter is simple: know your tooling. It can be very tempting to start pulling fresh tooling from GitHub after getting an initial foothold on the target machine, looking for low-hanging fruit and quick wins. That may work well in training labs built to teach attacking concepts; during a real engagement, however, a mature opponent can easily detect such activity. There are quite a lot of professionally written tools on both the defensive and offensive side, not to mention C2 frameworks, vendor EDRs, and so on.

This chapter is not a fully comprehensive guide on how to evade all possible detection. Evasion is a constantly evolving game between the sword and the shield. Several factors can influence the way ...

Get Pentesting Active Directory and Windows-based Infrastructure now with the O’Reilly learning platform.
