Description:
Windows Payload Development: EDR Evasion and Initial Access Tradecraft is a course designed to provide the knowledge and skills needed to create advanced payloads while navigating and overcoming modern defensive controls. This hands-on class focuses on payload development, analysis, and the initial access tradecraft needed to operate effectively against Windows systems in enterprise networks.
Participants will learn about the full spectrum of payload types and formats, including EXEs, DLLs, shellcode, and .NET assemblies, as well as advanced techniques for designing memory-resident payloads through process injection and memory management. The course also covers strategies for evading Endpoint Detection and Response (EDR) systems and other telemetry solutions, addressing challenges such as API hooking, AMSI bypasses, ETW evasion, and AI/ML-based classifications.
Attendees will delve into implant design with a focus on modularity, reflective loading, encryption, and communication mechanisms, including synchronous and asynchronous methods. Practical exercises explore leveraging LOLBins (living off the land binaries) and third-party binaries, such as PowerShell, JScript, MSBuild, and Python, to bypass application whitelisting and create effective initial access vectors.
The course also introduces participants to the fundamentals of packer design, including compression, encryption, environmental keying, and methods to manipulate entropy and metadata. Students will leave with a strong foundation in building payloads that are both effective and evasive, understanding how to overcome blue team defenses and operate stealthily.
Students Will Be Provided With:
- Lifetime Access to Course Material, plus 1-month Lab Access
- Exclusive Course Swag
- Certificate of Completion
Minimum Course Requirements:
- Laptop with 8GB of RAM
- Modern Web Browser (Chrome, Firefox, etc.)
Prerequisites:
- Basic understanding of Windows fundamentals.
- Basic programming knowledge.
- Willingness to learn advanced concepts in a fast-paced environment.
Target Audience:
This course is designed for beginner and intermediate-level red team operators, malware developers, and hackers looking to build a strong foundation in Windows payload development, EDR evasion techniques, and initial access tradecraft.
Trainers' Biographies:
Kevin Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security. His previous roles include Penetration Tester and Red Team Operator, focusing on initial access and Active Directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and Ek47. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
Rey “Privesc” Bango is a Principal Cloud Advocate at Microsoft focused on empowering companies and information technologists to take full advantage of transformative technologies. He works to build patterns and practices that streamline the development of solutions that take advantage of Artificial Intelligence and Machine Learning while ensuring that trust and confidence are a top priority, whether through security or responsible use of technology. Since 1989, Rey has explored the world of information technology through the lens of software developer, open-source contributor, cybersecurity practitioner, and an advocate for the secure and responsible use of artificial intelligence for social good.